20. Random number generator (RNG)
This section applies to the whole STM32F20x and STM32F21x family, unless otherwise specified.
20.1 RNG introduction
The RNG processor is a random number generator, based on a continuous analog noise, that provides a random 32-bit value to the host when read.
The RNG passed the FIPS PUB 140-2 (2001 October 10) tests with a success ratio of 99%.
20.2 RNG main features
- • It delivers 32-bit random numbers, produced by an analog generator
- • 40 periods of the RNG_CLK clock signal between two consecutive random numbers
- • Monitoring of the RNG entropy to flag abnormal behavior (generation of stable values, or of a stable sequence of values)
- • It can be disabled to reduce power consumption
20.3 RNG functional description
Figure 210 shows the RNG block diagram.
Figure 210. Block diagram
The block diagram illustrates the internal architecture of the RNG. At the top, a horizontal double-headed arrow represents the '32-bit AHB bus'. Below it, a 'Control register' labeled 'RNG_CR' is connected to the bus via a double-headed arrow. To the right, a 'data register' labeled 'RNG_DR' is also connected to the bus via a double-headed arrow. Below the RNG_DR is a block labeled 'LFSR'. An arrow points from the LFSR to the RNG_DR, labeled 'data register'. Below the LFSR is a block labeled 'Analog seed'. An arrow points from the Analog seed to the LFSR, labeled 'feed a Linear Feedback Shift Register'. To the left of the LFSR is a block labeled 'Clock checker & fault detector'. An arrow points from the LFSR to this block. Below the clock checker is a 'Status register' labeled 'RNG_SR', which is connected to the clock checker by a double-headed arrow. A clock signal line labeled 'RNG_CLK' enters from the left and branches to both the LFSR and the Clock checker & fault detector. In the bottom right corner of the diagram, the identifier 'ai16080' is present.
- 1. For more details about RNG clock (RNG_CLK) source, refer to Section 5: Reset and clock control (RCC) .
The random number generator implements an analog circuit. This circuit generates seeds that feed a linear feedback shift register (RNG_LFSR) in order to produce 32-bit random numbers.
The analog circuit is made of several ring oscillators whose outputs are XORed to generate the seeds. The RNG_LFSR is clocked by a dedicated clock (RNG_CLK) at a constant
frequency, so that the quality of the random number is independent of the HCLK frequency. The contents of the RNG_LFSR are transferred into the data register (RNG_DR) when a significant number of seeds have been introduced into the RNG_LFSR.
In parallel, the analog seed and the dedicated RNG_CLK clock are monitored. Status bits (in the RNG_SR register) indicate when an abnormal sequence occurs on the seed or when the frequency of the RNG_CLK clock is too low. An interrupt can be generated when an error is detected.
20.3.1 Operation
To run the RNG, follow the steps below:
- 1. Enable the interrupt if needed (to do so, set the IE bit in the RNG_CR register). An interrupt is generated when a random number is ready or when an error occurs.
- 2. Enable the random number generation by setting the RNGEN bit in the RNG_CR register. This activates the analog part, the RNG_LFSR and the error detector.
- 3. At each interrupt, check that no error occurred (the SEIS and CEIS bits should be '0' in the RNG_SR register) and that a random number is ready (the DRDY bit is '1' in the RNG_SR register). The contents of the RNG_DR register can then be read.
As required by the FIPS PUB (Federal Information Processing Standard Publication) 140-2, the first random number generated after setting the RNGEN bit should not be used, but saved for comparison with the next generated random number. Each subsequent generated random number has to be compared with the previously generated number. The test fails if any two compared numbers are equal (continuous random number generator test).
20.3.2 Error management
If the CEIS bit is read as '1' (clock error)
In the case of a clock, the RNG is no more able to generate random numbers because the RNG_CLK clock is not correct. Check that the clock controller is correctly configured to provide the RNG clock and clear the CEIS bit. The RNG can work when the CECS bit is '0'. The clock error has no impact on the previously generated random numbers, and the RNG_DR register contents can be used.
If the SEIS bit is read as '1' (seed error)
In the case of a seed error, the generation of random numbers is interrupted for as long as the SECS bit is '1'. If a number is available in the RNG_DR register, it must not be used because it may not have enough entropy.
What you should do is clear the SEIS bit, then clear and set the RNGEN bit to reinitialize and restart the RNG.
20.4 RNG registers
The RNG is associated with a control register, a data register and a status register. They have to be accessed by words (32 bits).
20.4.1 RNG control register (RNG_CR)
Address offset: 0x00
Reset value: 0x0000 0000
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 |
| Reserved | |||||||||||||||
| 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| Reserved | IE | RNGEN | Reserved | ||||||||||||
| rw | rw | ||||||||||||||
Bits 31:4 Reserved, must be kept at reset value
Bit 3 IE : Interrupt enable
0: RNG Interrupt is disabled
1: RNG Interrupt is enabled. An interrupt is pending as soon as DRDY=1 or SEIS=1 or CEIS=1 in the RNG_SR register.
Bit 2 RNGEN : Random number generator enable
0: Random number generator is disabled
1: random Number Generator is enabled.
Bits 1:0 Reserved, must be kept at reset value
20.4.2 RNG status register (RNG_SR)
Address offset: 0x04
Reset value: 0x0000 0000
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | |||
| Reserved | ||||||||||||||||||
| 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
| Reserved | SEIS | CEIS | Reserved | SECS | CECS | DRDY | ||||||||||||
| rc_w0 | rc_w0 | r | r | r | ||||||||||||||
Bits 31:3 Reserved, must be kept at reset value
Bit 6 SEIS : Seed error interrupt status
This bit is set at the same time as SECS, it is cleared by writing it to 0.
0: No faulty sequence detected
1: One of the following faulty sequences has been detected:
- – More than 64 consecutive bits at the same value (0 or 1)
- – More than 32 consecutive alternances of 0 and 1 (0101010101...01)
An interrupt is pending if IE = 1 in the RNG_CR register.
Bit 5 CEIS : Clock error interrupt status
This bit is set at the same time as CECS, it is cleared by writing it to 0.
0: The RNG_CLK clock was correctly detected
1: The RNG_CLK was not correctly detected ( \( f_{\text{RNG\_CLK}} < f_{\text{HCLK}}/16 \) )
An interrupt is pending if IE = 1 in the RNG_CR register.
Bits 4:3 Reserved, must be kept at reset value
Bit 2 SECS : Seed error current status
0: No faulty sequence has currently been detected. If the SEIS bit is set, this means that a faulty sequence was detected and the situation has been recovered.
1: One of the following faulty sequences has been detected:
- – More than 64 consecutive bits at the same value (0 or 1)
- – More than 32 consecutive alternances of 0 and 1 (0101010101...01)
Bit 1 CECS : Clock error current status
0: The RNG_CLK clock has been correctly detected. If the CEIS bit is set, this means that a clock error was detected and the situation has been recovered
1: The RNG_CLK was not correctly detected ( \( f_{RNG\_CLK} < f_{HCLK}/16 \) ).
Bit 0 DRDY : Data ready
0: The RNG_DR register is not yet valid, no random data is available
1: The RNG_DR register contains valid random data
Note: An interrupt is pending if IE = 1 in the RNG_CR register.
Once the RNG_DR register has been read, this bit returns to 0 until a new valid value is computed.
20.4.3 RNG data register (RNG_DR)
Address offset: 0x08
Reset value: 0x0000 0000
The RNG_DR register is a read-only register that delivers a 32-bit random value when read. After being read, this register delivers a new random value after a maximum time of 40 periods of the RNG_CLK clock. The software must check that the DRDY bit is set before reading the RNDATA value.
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 |
| RNDATA | |||||||||||||||
| r | r | r | r | r | r | r | r | r | r | r | r | r | r | r | r |
| 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| RNDATA | |||||||||||||||
| r | r | r | r | r | r | r | r | r | r | r | r | r | r | r | r |
Bits 31:0
RNDATA
: Random data
32-bit random data.
20.4.4 RNG register map
Table 76 gives the RNG register map and reset values.
Table 76. RNG register map and reset map
| Offset | Register name reset value | Register size | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |
| 0x00 | RNG_CR 0x00000000 | Reserved | IE | RNGEN | Reserved | |||||||||||||||||||||||||||
| 0x04 | RNG_SR 0x00000000 | Reserved | SEIS | CEIS | Reserved | SECS | CECS | DRDY | ||||||||||||||||||||||||
| 0x08 | RNG_DR 0x00000000 | RNDATA[31:0] | ||||||||||||||||||||||||||||||