Update Caliptra_rtl.md

Adding specific signal names for flops to remove from scan chain to protect obfuscation key leakage.
chipsalliance · Nov 1, 2023 · 5c66ed0 · 5c66ed0
1 parent e8e5a41
commit 5c66ed0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/Caliptra_rtl.md b/docs/Caliptra_rtl.md
@@ -586,7 +586,7 @@ The following table describes SoC integration requirements.
 | Deobfuscation Key                | If not driven through PUF, SoC backend flows shall ECO the deobfuscation key before tapeout.                                                                                                                                              | Statement of conformance | Required by UDS and Field Entropy threat model    |
 | Deobfuscation Key                | Rotation of the deobfuscation key (if not driven through PUF) between silicon steppings of a given product (for example, A0 vs. B0 vs. PRQ stepping) is dependent on company-specific policies.                                           | Statement of conformance | Required by UDS and Field Entropy threat model    |
 | Deobfuscation Key                | SoC backend flows should not insert deobfuscation key flops into the scan chain.                                                                                                                                                          | Synthesis report         | Required by UDS and Field Entropy threat model    |
-| Deobfuscation Key                | For defense in depth, it is strongly recommended that debofuscation key flops are not on the scan chain.                                                                                                                                  |                          | Caliptra HW threat model                          |
+| Deobfuscation Key                | For defense in depth, it is strongly recommended that debofuscation key flops are not on the scan chain. <br> Remove the following signals from the scan chain: <br> cptra_scan_mode_Latched_d <br> cptra_scan_mode_Latched_f <br> field_storage.internal_obf_key | Statement of conformance | Caliptra HW threat model |
 | CSR Signing Key                  | SoC backend flows shall generate CSR signing key with appropriate NIST compliance as dictated in the Caliptra RoT specification.                                                                                                          | Statement of conformance | Required by IDevID threat model                   |
 | CSR Signing Key                  | Rotation of the CSR private key between silicon steppings of a given product (for example, A0 vs. B0 vs. PRQ stepping) is dependent on company-specific policies.                                                                         | Statement of conformance |                                                   |
 | CSR Signing Key                  | SoC backend flows should not insert CSR signing key flops into the scan chain.                                                                                                                                                            | Synthesis report         | Required by IDevID threat model                   |