# AC473 Application Note PolarFire FPGA: Implementing Data Security Using User Cryptoprocessor - Splash Kit





a MICROCHIP company

#### Microsemi Headquarters

One Enterprise, Aliso Viejo, CA 92656 USA Within the USA: +1 (800) 713-4113 Outside the USA: +1 (949) 380-6100 Sales: +1 (949) 380-6136 Fax: +1 (949) 215-4996

Email: sales.support@microsemi.com

www.microsemi.com

©2018 Microsemi, a wholly owned subsidiary of Microchip Technology Inc. All rights reserved. Microsemi and the Microsemi logo are registered trademarks of Microsemi Corporation. All other trademarks and service marks are the property of their respective owners.

Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or the suitability of its products and services for any particular purpose, nor does Microsemi assume any liability whatsoever arising out of the application or use of any product or circuit. The products sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not be used in conjunction with mission-critical equipment or applications. Any performance specifications are believed to be reliable but are not verified, and Buyer must conduct and complete all performance and other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely on any data and performance specifications or parameters provided by Microsemi. It is the Buyer's responsibility to independently determine suitability of any products and to test and verify the same. The information provided by Microsemi hereunder is provided "as is, where is" and with all faults, and the entire risk associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or implicitly, to any party any patent rights, licenses, or any other IP rights, whether with regard to such information itself or anything described by such information. Information provided in this document is proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this document or to any products and services at any time without notice.

#### About Microsemi

Microsemi, a wholly owned subsidiary of Microchip Technology Inc. (Nasdaq: MCHP), offers a comprehensive portfolio of semiconductor and system solutions for aerospace & defense, communications, data center and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; enterprise storage and communication solutions, security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Learn more at www.microsemi.com.



# **Contents**

| 1 | Revis | ion His | story                                       | 1  |
|---|-------|---------|---------------------------------------------|----|
|   | 1.1   |         | on 2.0                                      |    |
|   | 1.2   |         | on 1.0                                      |    |
| 2 | Imple | mentin  | ng Data Security Using User Cryptoprocessor | 2  |
|   | 2.1   |         | Cryptoprocessor                             |    |
|   | 2.2   |         | n Requirements                              |    |
|   | 2.3   | _       | n Files                                     |    |
|   | 2.4   | -       | n Description                               |    |
|   |       | 2.4.1   | Clocking Structure                          |    |
|   |       | 2.4.2   | Hardware Implementation                     |    |
|   |       | 2.4.3   | Software Implementation                     |    |
|   |       | 2.4.4   | LSRAM Initialization from SPI Flash         | 12 |
|   | 2.5   | Progra  | amming the PolarFire Device and SPI Flash   | 15 |
|   |       | 2.5.1   | Tera Term Setup                             | 16 |
|   | 2.6   | Runnin  | ng the Demo                                 |    |
|   |       | 2.6.1   | Running Tera Term Macro Script              |    |
| 3 | Apper | ndix: R | Running UserCrypto Sample Projects          | 25 |
| 4 | Apper | ndix: U | Jser Cryptoprocessor Simulation             | 29 |



# **Figures**

| Figure 1  | PF_CRYPTO Macro                                                          | . 2 |
|-----------|--------------------------------------------------------------------------|-----|
| Figure 2  | Reference Design Block Diagram                                           |     |
| Figure 3  | Clocking Structure                                                       |     |
| Figure 4  | CoreAHBL2AHBL_Bridge Configurator                                        |     |
| Figure 5  | Mi-V Processor Subsystem with User Cryptoprocessor                       | . 9 |
| Figure 6  | Design Resource Utilization                                              |     |
| Figure 7  | User Crypto CAL Driver                                                   |     |
| Figure 8  | SoftConsole Project Directory Structure                                  |     |
| Figure 9  | Peripheral Base Address                                                  |     |
| Figure 10 | Linker Script                                                            |     |
| Figure 11 | Linker Script (Continued)                                                |     |
| Figure 12 | Example of Hex File                                                      |     |
| Figure 13 | Configure Design Initialization Data and Memories                        |     |
| Figure 14 | Fabric RAMs                                                              |     |
| Figure 15 | Edit Fabric RAM Initialization Client                                    |     |
| Figure 16 | Design Initialization                                                    |     |
| Figure 17 | Generate Design Initialization Data                                      |     |
| Figure 18 | sNVM Client Verification                                                 |     |
| Figure 19 | Board Setup                                                              |     |
| Figure 20 | Program SPI Flash Image                                                  |     |
| Figure 21 | Select Serial as the Connection Type                                     |     |
| Figure 22 | Tera Term Configuration                                                  |     |
| Figure 23 | Tera Term General Setup                                                  |     |
| Figure 24 | Application Menu                                                         |     |
| Figure 25 | Application Menu—Enter 128-bit Key                                       |     |
| Figure 26 | Application Menu—Nonce                                                   |     |
| Figure 27 | Application Menu—Additional Authentication Data                          |     |
| Figure 28 | Application Menu—Input Data to Encrypt and Authenticate                  |     |
| Figure 29 | Application Menu—Number of Octets in authentication Field                |     |
| Figure 30 | Application Menu—Encrypted and Authentication Data                       |     |
| Figure 31 | Application Menu Decryption—Enter 128-bit Key for AES Decryption         |     |
| Figure 32 | Application Menu Decryption—Nonce                                        |     |
| Figure 33 | Application Menu—Additional Authentication Data                          |     |
| Figure 34 | Application Menu—Input Data to Encrypt and Authenticate                  |     |
| Figure 35 | Application Menu—Encrypted and Authentication Data                       |     |
| Figure 36 | Application Menu—AES CCM Decryption Result                               |     |
| Figure 37 | Tera Term Macro Script to Test AES Service                               |     |
| Figure 38 | Executing Macro Script                                                   | 23  |
| Figure 39 | Selecting Macro Script File                                              |     |
| Figure 40 | Macro Script Execution Result                                            |     |
| Figure 41 | Firmware Catalog—Sample Projects                                         |     |
| Figure 42 | Generate Sample Project                                                  |     |
| Figure 43 | Import Options                                                           |     |
| Figure 44 | Select An Import Source                                                  |     |
| Figure 45 | Import Dialog                                                            |     |
| Figure 46 | Importing RV32_Message_Authentication Project                            |     |
| Figure 47 | SoftConsole Workspace—Sample Projects                                    |     |
| Figure 48 | Libero Project settings—VSIM Command for User Cryptoprocessor Simulation |     |
| Figure 49 | User Cryptoprocessor Simulation                                          | 29  |



# **Tables**

| Table 1 | PF_CRYPTO Port List                   | 3 |
|---------|---------------------------------------|---|
| Table 2 | Resource Requirements                 |   |
| Table 3 | IP Cores Used in the Reference Design |   |
| Table 4 | System Memory Map                     | 8 |
| Table 5 | Jumper Settings                       |   |
| Table 6 | Algorithm                             | Į |



# 1 Revision History

The revision history describes the changes that were implemented in the document. The changes are listed by revision, starting with the current publication.

## **1.1** Revision **2.0**

The document was updated for Libero SoC PolarFire v2.2 release.

## 1.2 **Revision 1.0**

The first publication of this document.



# 2 Implementing Data Security Using User Cryptoprocessor

PolarFire® FPGAs represent the industry's most advanced security programmable FPGAs.

Data security protects application data—stored, communicated, or computed at run-time—from being copied, altered, or corrupted. PolarFire devices have a dedicated crypto processor, referred as User Cryptoprocessor, for data security applications.

This application note describes User Cryptoprocessor features, how to build a Libero<sup>®</sup>, and SoftConsole project to perform cryptographic operations using the User Cryptoprocessor as a coprocessor to a host general purpose processor.

## 2.1 User Cryptoprocessor

The User Cryptoprocessor is an Athena TeraFire<sup>®</sup> EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) Suite1 and beyond, and includes side-channel analysis (SCA) resistant cryptography using patented leakage reduction countermeasures. These countermeasures provide strong resistance against SCA attacks such as differential power analysis (DPA) and simple power analysis (SPA). The User Cryptoprocessor is available in PolarFire "S" grade devices.

The User Cryptoprocessor supports numerous cryptographic algorithms, including the following:

- AES with 128-, 192-, and 256-bit key sizes in ECB, CBC, CFB, OFB, CTR, and GCM modes
- · AES key wrap and unwrap
- SHA1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512
- AES-CMAC and AES-GMAC
- HMAC-SHA
- True random number generation (non-deterministic random bit generator plus NIST SP800-90A deterministic random bit generator)
- RSA, DSA, and modular exponentiation (Diffie-Hellman) with key sizes up to 4096-bits
- EC key pair generation, point validation, point multiplication (EC Diffie-Hellman), and ECDSA for
  - NIST P-curves: P-192, P-224, P-256, P-384, and P-521
  - Brainpool curves: P-256, P-384 and P-512
- · Key-tree function

The User Cryptoprocessor is a hard block in PolarFire FPGAs and its maximum operating frequency is 189 MHz¹. It is accessible to a soft processor in the FPGA fabric via the AHB-Lite slave interface for control and primary data input and output. The User Cryptoprocessor has built-in DMA to offload the main processor from doing data transfers between the User Cryptoprocessor and the user memory. The DMA functionality is accessible via an AMBA AHB-Lite master interface. The Libero SoC PolarFire design suite provides a PF\_CRYPTO macro in Catalog, which must be integrated with the user design to use the User Cryptoprocessor. The following figure shows the input and output ports of the PF\_CRYPTO macro.

Figure 1 • PF CRYPTO Macro



1.Enable Fabric Clock (HCLK) Frequency is less than 100 MHz in PF\_CRYPTO macro configurator if you want to operate the user cryptoprocessor at a frequency less than 100 MHz.



The following table lists and describes the PF\_CRYPTO ports. The control and status signals initiate action and obtain status. Corresponding control and status signals are also accessible via the dynamic reconfiguration interface (DRI). Contact Microsemi tech-support for information on how to use DRI.

Table 1 • PF\_CRYPTO Port List

| Port Name  | Direction | Description                                                                                                                                                                                                                                                                                                                                                                                                                              |
|------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| AHB_SLAVE  |           | AHB-Lite slave interface.                                                                                                                                                                                                                                                                                                                                                                                                                |
| AHB_MASTER |           | AHB-Lite master interface.                                                                                                                                                                                                                                                                                                                                                                                                               |
| HCLK       | Input     | AHB bus clock.                                                                                                                                                                                                                                                                                                                                                                                                                           |
| HRESETN    | Input     | AHB bus reset. Asserts the functional reset of the User Cryptoprocessor block and zeroizes all the internal RAM and registers as PURGE signal.                                                                                                                                                                                                                                                                                           |
| PURGE      | Input     | When the signal is set to '1', it initializes the Zeroization of User Cryptoprocessor internal RAM and registers. For normal operation, this signal must be tied low. The PURGE input is level sensitive, and if the PURGE pin is still asserted when a purge operation completes, another purge operation is initiated.                                                                                                                 |
| START      | Input     | External execution initiation input when the User Cryptoprocessor operates in standalone configuration without a host processor connected to the bus interface. Asserting START signal causes the User Cryptoprocessor to initiate execution. During execution, the status of the User Cryptoprocessor is reflected by the BUSY and DLL_LOCK ports. This signal must be tied low when the User Cryptoprocessor is used as a coprocessor. |
| STALL      | Input     | Stalls the User Cryptoprocessor for a clock cycle, to introduce variance in the external signatures. The STALL input is expected to be generated by a LFSR circuit in the fabric and asserted randomly for a single cycle to achieve the required stall rates. The STALL input must not be asserted until at least three clock cycles after the HRESETN is de-asserted and the DLL has indicated LOCK for three cycles.                  |
| BUSY       | Output    | Execution status signal.                                                                                                                                                                                                                                                                                                                                                                                                                 |
| COMPLETE   |           | Asserted to indicate that the User Cryptoprocessor has completed an operation. This signal can be connected to the host microprocessor as an interrupt request signal, enabling the User Cryptoprocessor to interrupt the processor when it completes an operation.                                                                                                                                                                      |
| ALARM      |           | Asserted to indicate an uncorrectable memory error condition. An uncorrectable memory error causes the crypto core to perform a reset and purge. This reset terminates any in-progress operation. For most CAL operations, the CALPKTrfRes() function is used to complete the operation, and generates a hardware fault code in the event of an alarm.                                                                                   |
| BUS_ERROR  |           | Asserted when a HRESP response error is detected by the User Cryptoprocessor AHB master. Once set, a reset is required to clear.                                                                                                                                                                                                                                                                                                         |
| DLL_LOCK   | Output    | DLL lock status.                                                                                                                                                                                                                                                                                                                                                                                                                         |

Microsemi provides an Athena TeraFire cryptographic applications library (CAL) to access User Cryptoprocessor functions. TeraFire CAL is a C language library that provides functions to access symmetric key, elliptic curve, public key, hash, random number generation, and message authentication code algorithms. It is available for download in the Microsemi Firmware Catalog software. The user application running on the main processor must include CAL APIs to perform the cryptographic operations on the User Cryptoprocessor.

For information about User Cryptoprocessor, supported cryptographic functions and their CAL API descriptions, see *Athena TeraFire Cryptographic Algorithm Library (CAL) Users Guide*.



# 2.2 Design Requirements

The following table lists the hardware, software, and IPs required to create a Libero and SoftConsole project to perform cryptographic operations using the User Cryptoprocessor.

Table 2 • Resource Requirements

| Requirement                                                                                                                                   | Version               |  |  |  |
|-----------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|--|--|--|
| Host PC Operating system                                                                                                                      | Windows 7, 8.1, or 10 |  |  |  |
| Hardware                                                                                                                                      |                       |  |  |  |
| PolarFire Splash Kit (MPF300TS-1FCG484EES)  – PolarFire Splash Board  – 12 V/5 A wall-mounted power adapter  – USB 2.0 A-male to mini-B cable | Rev 2 or later        |  |  |  |
| Software                                                                                                                                      |                       |  |  |  |
| Libero SoC PolarFire <sup>1</sup>                                                                                                             | v2.2                  |  |  |  |
| SoftConsole                                                                                                                                   | 5.2                   |  |  |  |
| Tera Term                                                                                                                                     | 4.95                  |  |  |  |
| IP Cores and HDL Source Files                                                                                                                 |                       |  |  |  |
| MIV_RV32IMA_L1_AHB                                                                                                                            | 2.0.100               |  |  |  |
| CoreJTAGDEBUG                                                                                                                                 | 2.0.100               |  |  |  |
| PF_INIT_Monitor                                                                                                                               | 2.0.103               |  |  |  |
| CoreAHBL2AHBL_Bridge                                                                                                                          | 2.0.108               |  |  |  |
| CoreAHBtoAPB3                                                                                                                                 | 3.1.100               |  |  |  |
| CoreUARTapb                                                                                                                                   | 5.6.102               |  |  |  |
| PF_SRAM_AHBL_AXI                                                                                                                              | 1.1.125               |  |  |  |
| CoreAHBLite                                                                                                                                   | 5.3.101               |  |  |  |
| CoreAPB3                                                                                                                                      | 4.1.100               |  |  |  |
| PF_CCC                                                                                                                                        | 1.0.113               |  |  |  |
| PF_CRYPTO                                                                                                                                     | 1.0.105               |  |  |  |
| reset_synchronizer.v                                                                                                                          | NA                    |  |  |  |
| CoreSysServices_PF                                                                                                                            | 2.3.116               |  |  |  |

<sup>1.</sup> You need to have Evaluation, Gold, Platinum, or Standalone license to use PolarFire 'S' grade devices.

## 2.3 Design Files

Download the design files from the following location:

http://soc.microsemi.com/download/rsc/?f=mpf\_ac473\_liberosocpolarfirev2p2\_df



## 2.4 Design Description

Microsemi offers a freely available RISC-V processor IP core called Mi-V and software tool chain to support Mi-V processor-based designs. In this reference design, a Mi-V soft processor core is used as the main processor and the User Cryptoprocessor as the coprocessor.

RISC-V, a standard open instruction set architecture (ISA) under the governance of the RISC-V Foundation, offers numerous benefits, including enabling the open source community to test and improve cores at a faster pace than closed ISAs.

The Libero design provided with this application note shows how to integrate the User Cryptoprocessor in a Mi-V processor subsystem. The SoftConsole project shows how to integrate and build TeraFire CAL driver into a Mi-V processor application project. A similar process can be used to integrate the User Cryptoprocessor and its CAL driver into other general purpose processor subsystem environments.

The Mi-V application provided with the reference design demonstrates the advanced encryption standard (AES) algorithm features of the User Cryptoprocessor. It provides a user interface on the host PC using the UART. The user can download and run the other User Crypto sample projects available in the Firmware catalog to explore using the User Cryptoprocessor cryptographic algorithms.

Each PolarFire FPGA has 56 Kbytes of secure non-volatile memory (sNVM), which can be used for storing cryptographic keys. The sNVM pages are accessible through system services for read/write. The reference design integrates CoreSysServices\_PF IP for sNVM read/write.

The following figure shows a block diagram of the reference design.

Figure 2 • Reference Design Block Diagram





## 2.4.1 Clocking Structure

In the reference design, there is one clock domain. The on-board 50 MHz crystal oscillator is connected to the PF CCC block which generates 100 MHz and 180 MHz clocks.

The 180 MHz crypto clock is connected to PF\_CRYPTO and COREAHBL\_BRIDGE blocks.

The 100 MHz system clock is connected to COREAHBL2AHBL\_BRIDGE, Mi\_V\_RV32\_AHB, SRAM\_Buffer, CoreAHBLite, COREAHBTOAPB3, LSRAM\_EXE\_MEM, System Services, and CoreUARTapb blocks.

The following figure shows the clocking structure.

Figure 3 • Clocking Structure

# **Clocking Structure** On-board 50 MHz Crystal Oscillator PF\_CCC S. F. SYS\_CLK CRYPTO\_ PROC\_SUBSYSTEM\_0 CRYPTO\_CLK SYS\_CLK COREAHBL2AHBL PF\_CRYPTO Mi\_V\_RV32\_AHB **BRIDGE** SRAM\_Buffer CoreAHBLite COREAHBTOAPB3 LSRAM\_EXE\_MEM CoreUARTapb SystemServices



### 2.4.2 Hardware Implementation

To build a Mi-V subsystem for PolarFire FPGAs, use the Libero SoC PolarFire design suite to create an FPGA design using the Mi-V processor core and peripheral cores. The following table lists the IP cores used in the reference design.

Table 3 • IP Cores Used in the Reference Design

| IP Core              | Description                                                                                                                                                                                                     |
|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| MIV_RV32IMA_L1_AHB   | Mi-V soft processor                                                                                                                                                                                             |
| CoreJTAGDEBUG        | Facilitates the connection of Joint Test Action Group (JTAG) compatible soft core processors to the JTAG header for debugging. It provides fabric access to the JTAG interface using UJTAG macro.               |
| PF_INIT_monitor      | System Controller uses this macro to check the status of device initialization. The device initialization includes SRAM initialization from µPROM/sNVM/SPI Flash. The DEVICE_INIT_DONE signal is used as reset. |
| CoreAHBLite          | Multi-master AHB-Lite bus                                                                                                                                                                                       |
| COREAHBL2AHBL_BRIDGE | AHB to AHB bridge connect two AHB-Lite buses clocked by asynchronous clocks. This is required because the User Cryptoprocessor clock is different than the rest of the Mi-V processor subsystem clock.          |
| PF_CRYPTO            | Macro to access hard User Cryptoprocessor                                                                                                                                                                       |
| PF_SRAM_AHBL_AXI     | PolarFire LSRAM. Used as system memory for Mi-V processor.                                                                                                                                                      |
| CoreAHBtoAPB3        | Bridge between AHB master and APB slave.                                                                                                                                                                        |
| CoreUARTapb          | UART Controller with APB interface                                                                                                                                                                              |
| PF_CCC               | Macro to access PolarFire CCC block. It is used to synthesize 100 MHz and 180 MHz clock frequencies from the CCC with an on-board 50 MHz reference clock.                                                       |
| reset_synchronizer.v | Reset synchronizer is used to synchronize the reset with system clock.                                                                                                                                          |
| CoreSysServices_PF   | The CoreSysServices_PF provides access to the System Services supported by PolarFire device. These are System Controller actions initiated from the user design using the CoreSysServices.                      |

Configure and connect the IP cores listed in Table 3, page 7, then run the Libero design flow to create a programming file. For more information about how to build a Mi-V processor subsystem for PolarFire devices, see *TU0775: PolarFire FPGA: Building a Mi-V Processor Subsystem Tutorial*. This Mi-V processor subsystem can be extended to integrate a User Cryptoprocessor into the system.

The MIV\_RV32IMA\_L1\_AHB processor core comprises of an instruction fetch unit, an execution pipeline, and a data memory system. The MIV\_RV32IMA\_L1\_AHB processor memory system includes instruction cache and data cache. The MIV\_RV32IMA\_L1\_AHB core includes two external AHB interfaces—the AHB memory (MEM) bus master interface and the AHB memory mapped I/O (MMIO) bus master interface. The cache controller uses AHB MEM interface to refill the instructions and the data caches. The AHB MMIO interface is used for an un-cached accesses to I/O peripherals.

The memory maps of the AHB MMIO interface and the MEM interface are 0x60000000 to 0x7F000000 and 0x800000000 to 0x8FFFFFFF, respectively. The MIV\_RV32IMA\_L1\_AHB processor's reset vector address is set to 0x80000000. The processor's reset vector address is configurable. The MIV\_RV32IMA\_L1\_AHB's reset is an active-low signal, which must be de-asserted in sync with the system clock via a reset synchronizer. For more information about the MIV\_RV32IMA\_L1\_AHB core, see HB0801: MiV\_RV32IMAF\_L1\_AHB V2.0 Handbook from Libero Catalog.

The MIV\_RV32IMA\_L1\_AHB processor accesses the application execution memory using the AHB MEM interface. The CoreAHBLite\_1 bus instance is configured to provide 2 GB memory slot (Slot 16) beginning at address 0x80000000. The PolarFire LSRAM memory block (LSRAM\_EXE\_MEM\_1 instance) is connected to this slot and the LSRAM acts as an application execution memory for the Mi-V processor.



The MIV\_RV32IMA\_L1\_AHB processor directs the data transactions between addresses 0x60000000 and 0x7F000000 to the MMIO interface. The MMIO interface is connected to the CoreAHBLite\_0 bus to communicate with peripherals connected to its slave slots. The CoreAHBLite\_0 bus instance is configured to provide 16 slave slots, each of size 64 KB. The sixteen 64 KB slots consume a total address space of 16\*64\*1024 = 2^20 bytes and can be addressed using 20-bit address bus. The CoreAHBLite\_0 bus, using only the lower 20-bits of the MMIO bus address, and maps the connected peripherals within the address range. The User Cryptoprocessor, UART peripheral, System Services, and LSRAM memory are connected to the CoreAHBLite\_0 bus.

The following table summarizes the memory map of the reference design.

Table 4 • System Memory Map

| Component        | Description                            | Memory Map               |
|------------------|----------------------------------------|--------------------------|
| PF_CRYPTO_0      | User Cryptoprocessor                   | 0x62000000 to 0x6200FFFF |
| SystemServices_0 | System Services                        | 0x60001000 to 0x60001FFF |
| CoreUARTapb_0    | UART peripheral                        | 0x60000000 to 0x60000FFF |
| RAM_Buffer_0     | Memory buffer for User Cryptoprocessor | 0x61000000 to 0x61FFFFF  |
| LSRAM_EXE_MEM_0  | Mi-V processor system memory           | 0x80000000 to 0x8FFFFFF  |

In this reference design, the User Cryptoprocessor clock (crypto\_clk) is configured to operate at 180 MHz and the clock for the rest of the Mi-V subsystem (sys\_clk) operates at 100 MHz. This reference design uses the CoreAHBL2AHBL\_Bridge IP to provide clock domain crossing between sys\_clk and crypto\_clk.

The CoreAHBL2AHBL\_Bridge IP functions as a bridge between the AHB master and AHB slave where master and slave operate in two clock domains that are asynchronous in nature. The following figure shows the CoreAHBL2AHBL\_Bridge IP Configurator. This IP can be configured by setting the **Select bridge Mode** option to either **Master-to-Slave Path** or **Slave-to-Master Path**.

Figure 4 • CoreAHBL2AHBL\_Bridge Configurator



The CoreAHBL2AHBL\_Bridge\_0 is configured in the Slave-to-Master path to connect the User Cryptoprocessor to the Mi-V processors peripheral MMIO bus for control and primary data input and output. In this configuration, the sys\_clk must be connected to the bridges slave interface clock (hclk\_s0) and the crypto\_clk must be connected to the bridge's master interface clock (hclk\_m0).

The CoreAHBL2AHBL\_Bridge\_1 is configured in the Master-to-Slave path to connect the User Cryptoprocessors AHB master port to the Mi-V processors peripheral bus for DMA transactions. In this configuration, the sys\_clk must be connected to the bridges master interface clock (hclk\_m0) and the crypto\_clk must be connected to the bridges slave interface clock (hclk\_s0).



The following figure shows the SmartDesign view of the Mi-V processor subsystem with a User Cryptoprocessor.

Figure 5 • Mi-V Processor Subsystem with User Cryptoprocessor



See the provided Libero project for more details on component configurations and connections.

#### 2.4.2.1 FPGA Resource Utilization

The following figure shows the reference design resource utilization report under Synthesize in Design Flow window.

Figure 6 • Design Resource Utilization

| Module Name                 | Fabric 4LUT | Fabric DFF | Interface 4LUT | Interface DFF | Single-Ended I/O | uSRAM 1K | LSRAM 18K | Math (18x18) | Chip Globals | PLL |
|-----------------------------|-------------|------------|----------------|---------------|------------------|----------|-----------|--------------|--------------|-----|
| Ё- Тор                      | 14438       | 8466       | 3060           | 3060          | 4                | 27       | 74        | 2            | 6            | 1   |
| Primitives                  | 3           | 0          | 0              | 0             | 4                | 0        | 0         | 0            | 1            | 0   |
| ⊟ CCC_0                     | 0           | 0          | 0              | 0             | 0                | 0        | 0         | 0            | 2            | 1   |
| CCC_0                       | 0           | 0          | 0              | 0             | 0                | 0        | 0         | 0            | 2            | 1   |
| □ PROC_SUBSYSTEM_0          | 14433       | 8457       | 3060           | 3060          | 0                | 27       | 74        | 2            | 2            | 0   |
|                             | 372         | 438        | 120            | 120           | 0                | 10       | 0         | 0            | 0            | 0   |
|                             | 410         | 495        | 132            | 132           | 0                | 11       | 0         | 0            | 0            | 0   |
| ⊕ CORE_AHBTOAPB3_0          | 80          | 134        | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
|                             | 503         | 291        | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
| ⊕ CoreAHBLite1_0            | 150         | 118        | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
| Core_APB3_0     Core_APB3_0 | 53          | 0          | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
| ⊕ Core_JTAG_Debug_0         | 89          | 16         | 0              | 0             | 0                | 0        | 0         | 0            | 2            | 0   |
| ⊕ Core_UARTabp0_0           | 157         | 114        | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
|                             | 539         | 56         | 1152           | 1152          | 0                | 0        | 32        | 0            | 0            | 0   |
| . Mi_V_RV32_AHB_0           | 11143       | 6331       | 504            | 504           | 0                | 6        | 10        | 2            | 0            | 0   |
| ₱ PF_CRYPTO_proc_0          | 0           | 35         | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
|                             | 543         | 47         | 1152           | 1152          | 0                | 0        | 32        | 0            | 0            | 0   |
| ⊕ SystemServices_0          | 394         | 380        | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
| reset_synchronizer_0        | 0           | 2          | 0              | 0             | 0                | 0        | 0         | 0            | 0            | 0   |
| ⊟ Reset_sync_0              | 2           | 9          | 0              | 0             | 0                | 0        | 0         | 0            | 1            | 0   |
| Reset_sync_0                | 2           | 9          | 0              | 0             | 0                | 0        | 0         | 0            | 1            | 0   |



### 2.4.3 Software Implementation

SoftConsole v5.2 is used to build the user application. For more information about how to create and build a SoftConsole project for the Mi-V processor subsystem, see *TU0775: PolarFire FPGA: Building a Mi-V Processor Subsystem Tutorial*.

To use User Cryptoprocessor services in the application, add the PolarFire User Crypto CAL driver to the SoftConsole project. The User Crypto CAL driver contains <code>config\_user.h</code> file for driver configuration. In the <code>config\_user.h</code> file, define the PKX0\_BASE macro as the base address of the User Cryptoprocessor according to the Libero design.

Figure 7 • User Crypto CAL Driver



The following figure shows the intended directory structure for a project based on MIV\_RV32IMA\_L1\_AHB using SoftConsole. This project uses the User Crypto Library (CAL) and CoreUARTapb drivers. CoreUARTapb drivers rely on the RISC-V HAL to access the hardware. The content of the drivers directory result from generating the driver source files for each peripheral in the project using Firmware Catalog. The contents of the HAL and riscv\_hal directories result from generating the source files for the RISC-V HAL from the Firmware Catalog.

Figure 8 • SoftConsole Project Directory Structure





The UART peripheral base address, System Services base address, and system clock frequency are provided in the  $hw_platform.h$  file.

Figure 9 • Peripheral Base Address



#### 2.4.3.1 Linker Script Update

A sample linker script file (microsemi-riscv-ram.ld) is provided along with the RISC-V HAL files. This linker script assumes that the SRAM is connected at the Mi-V processor memory space. The start address and size of the memory space must correspond with the Libero design.

A *crypto\_ram* user section is defined in the linker script (see the following figure) to map the User Crypto input and output buffers to a common memory located on the Mi-V processor MMIO interface. The common memory is located at address 0x61000000.

Figure 10 · Linker Script

```
Project Explorer ≅
                                                                            * (c) Copyright 2016-2017 Microsemi SoC Products Group. All rights reserved.
   > 🕊 Binaries
   > 🔊 Includes
                                                                            4 * file name : microsemi-riscv-ram.ld
   > @= cal
                                                                           5 * Mi-V soft processor linker script for creating a SoftConsole downloadable 6 * debug image executing in SRAM.
   > 🗁 Debug
   > 🗁 drivers
                                                                            8 * This linker script assumes that the SRAM is connected at on the Mi-V soft
   > 🗁 hal
                                                                          9 * processor memory space. The start address and size of the memory space must 10 * be correct as per the Libero design.
   > 🔑 Release
   riscv_hal
                                                                          10 - be correct as per the Libero design.

11 *
12 * SVM $Revision: 9579 $
13 * SVM $Date: 2017-11-14 17:40:16 +0530 (Tue, 14 Nov 2017) $
14 */
      > 🖻 encoding.h
      > S entry.S
      > i riscv hal stubs.c
                                                                          16 OUTPUT_ARCH( "riscv" )
17 ENTRY(_start)
      > h riscv hal.h
      > 🖻 riscv_plic.h
      > h sample hw platform.h
                                                                          20 MEMORY
      > 🖻 syscall.c
        microsemi-riscv-igloo2.ld
                                                                                  ram (rwx) : ORIGIN = 0x80000000, LENGTH = 64k
crypto_ram (rw) : ORIGIN = 0x61000000, LENGTH = 64k
        microsemi-riscv-ram.ld
   > 🗷 ccm_mac.c
   > 🔑 ccm.c
                                                                                                                                  /* Must be the same value MEMORY region ram ORIGIN above. */
/* Must be the same value MEMORY region ram LENGTH above. */
/* needs to be calculated for your application */
/* needs to be calculated for your application */
                                                                          26 RAM_START_ADDRESS
27 RAM_SIZE
                                                                                                        = 0x80000000;
= 64k;
     li ccm.h
     le helper.c
                                                                          28 STACK SIZE
                                                                                                        = 4k;
     helper.h
                                                                          29 HEAP SIZE
                                                                                                        = 4k:
     hw platform.h
                                                                           31 SECTIONS
      miv-rv32ima-ccm-services Debug.launch
                                                                                   = 0x80000000;
                                                                                .text : ALIGN(0x10)
     RV32_CCM_msg_auth.ttl
                                                                                  *entry.o(.text);
. = ALIGN(0x10);
*(.text .text.* .gnu.linkonce.t.*)
```



Figure 11 • Linker Script (Continued)



#### 2.4.4 LSRAM Initialization from SPI Flash

This section describes how to load the user application—hex image file—into the LSRAM from SPI flash using System Controller.

To configure Design Initialization Data and Memories, complete the following steps:

Figure 12 • Example of Hex File





 Double-click Configure Design Initialization Data and Memories from the Design Flow window as shown in the following figure.

Figure 13 • Configure Design Initialization Data and Memories



Click the Fabric RAMs tab and select the LSRAM instance that needs to be initialized and click Edit
as shown in the following figure. In this design, LSRAM\_EXE\_MEM instance must be initialized with
the user application.

Figure 14 • Fabric RAMs



4. Double-click the LSRAM\_EXE\_MEM instance to add initialization client and storage location. In the Edit Fabric RAM Initialization Client dialog, select the Content from file option, locate the RV32\_GNU\_SC5\_CCM\_Services.hex file from Libero Project folder, select Storage Type as SPI-Flash, and then click OK as shown in the following figure.

Figure 15 • Edit Fabric RAM Initialization Client





5. Click the **Design Initialization** tab, ensure **SPI-Flash - No-binding Plaintext** is selected for **SPI-Flash Binding** type as shown in the following figure. **SPI clock divider value** must be set to 6. In this reference design, the initialization client is stored in the SPI flash in plaintext format without authentication. Enable security protection for the initialization SPI-Flash client if required.

Figure 16 • Design Initialization



- Click Generate Initialization clients under the **Design Initialization** tab to generate the External SPI-Flash (Non-authenticated) client.
- When the initialization clients are generated, the Generate Initialization clients status window is displayed as shown in the following figure.

Figure 17 • Generate Design Initialization Data



8. Select the **SPI Flash** tab to verify that the SPI flash client is generated as shown in the following figure.

Figure 18 • sNVM Client Verification



Configuration of Design Initialization Data and Memories is successfully completed.



# 2.5 Programming the PolarFire Device and SPI Flash

This section describes how to program the PolarFire device and SPI Flash.

To program the PolarFire device, complete the following steps:

1. Ensure that the jumpers on the splash board are set as specified in the following table.

Table 5 • Jumper Settings

| Jumper             | Description                                                       |
|--------------------|-------------------------------------------------------------------|
| J5, J6, J7, J8, J9 | Close pin 2 and 3 for programming the PolarFire FPGA through FTDI |
| J11                | Close pin 1 and 2 for programming through FTDI chip               |
| J10                | Close pin 1 and 2 for programming through FTDI SPI                |
| J4                 | Close pin 1 and 2 for manual power switching using SW1            |
| J3                 | Open pin 1 and 2 for 1.0 V                                        |
| J35                | Open pin 1 and 2 to enable SPI Flash programming                  |
| J12                | Short pin 3 and 4 for 2.5 V                                       |

- 2. Connect the power supply cable to the **J2** connector on the board.
- 3. Connect the USB cable from the host PC to **J1** (FTDI port) on the board.
- 4. Power on the board using the **SW1** slide switch.

The following figure shows the PolarFire Splash Kit set up to be programmed.

Figure 19 · Board Setup



- 5. Open the Libero project.
- 6. Click Run PROGRAM Action to program the device.
- Double-click Run Program\_SPI\_IMAGE Action to program the SPI flash. A green tick mark is displayed after the successful generation as shown in the following figure.

Figure 20 • Program SPI Flash Image





## 2.5.1 Tera Term Setup

The user application provides a user interface on the Tera Term terminal through the UART interface.

To set up the Tera Term program:

- 1. Ensure that the USB cable connects the host PC to the J1 (USB) port on the PolarFire Splash board.
- 2. Start Tera Term.
- 3. Select **Serial** as the Connection type.
- 4. Set the Serial **Port** to the second highest COM port number from the drop-down list as shown in the following figure. For example, **COM9: FlashPro5 Port [COM9]** in this instance.

Figure 21 • Select Serial as the Connection Type



- 5. In the Tera Term window, go to Setup > Serial port..., set;
  - Baud rate: 115200
  - Transmit delay: 5 msec/char and 5 msec/line

Rest of the serial port settings must be at default state as shown in the following figure and click OK.

Figure 22 • Tera Term Configuration



6. In the **Tera Term** window, go to **Setup > General...**, set the **Language** to **English** and click **OK**, as shown in the following figure. This setup is required for running the Tera Term macro script.

Figure 23 • Tera Term General Setup



This completes the Tera Term program setup.



## 2.6 Running the Demo

After the device is programmed, power cycle the board. The application prints the menu on the Tera Term program through the UART interface, as shown in following figure.

Figure 24 • Application Menu



Use the following test vector to verify the AES CCM encryption and decryption operation:

- AES Key = 404142434445464748494A4B4C4D4E4F
- Nonce = 101112131415161718191A1B
- Additional authentication data (AAD) = 00010203 0405060708090A0B0C0D0E0F10111213
- Input data to Encrypt and authenticate = 202122232425262728292A2B2C2D2E2F3031323334353637

To run the demo:

 Press '1' to perform CCM AES-128 encryption using the User Cryptoprocessor. The application prompts to enter a 128-bit key, as shown in the following figure. The application securely stores the AES key into sNVM using System Service function call.

Figure 25 • Application Menu—Enter 128-bit Key





Enter the AES key provided in the test vector and press Enter. The application prompts for Nonce, as shown in the following figure.

Figure 26 · Application Menu-Nonce



3. Enter the Nonce provided in the test vector and press Enter. The application prompts to enter AAD, as shown in the following figure.

Figure 27 • Application Menu—Additional Authentication Data



4. Enter the AAD provided in the test vector and press Enter. The application prompts to enter input data to encrypt and authenticate, as shown in the following figure.

Figure 28 • Application Menu—Input Data to Encrypt and Authenticate





Enter the input data to encrypt and authenticate provided in the test vector and press Enter. The application prompts to enter the number of octets in authentication field, as shown in the following figure.

Figure 29 · Application Menu—Number of Octets in authentication Field



Press '2' for Encrypted and Authentication data. The result of the CCM AES encryption is printed on the Tera Term program, as shown in the following figure. Observe that the result is matched with the test vector., as shown in the following figure.

Figure 30 • Application Menu—Encrypted and Authentication Data



7. Press any key to continue to evaluate the AES operation. The application prints the AES encryption/decryption menu again on Tera Term program.



8. Press '2' to perform AES CCM decryption using User Cryptoprocessor. The application prompts to enter 128-bit key, as shown in the following figure.

Figure 31 • Application Menu Decryption—Enter 128-bit Key for AES Decryption



Enter the key provided in the preceding test vector and press Enter. The application prompts for Nonce.

Figure 32 • Application Menu Decryption—Nonce



10. Enter the Nonce provided in the test vector and press Enter. The application prompts to enter AAD, as shown in the following figure.

Figure 33 · Application Menu—Additional Authentication Data





11. Enter the AAD provided in the test vector and press Enter. The application prompts to enter input data to encrypt and authenticate, as shown in the following figure.

Figure 34 • Application Menu—Input Data to Encrypt and Authenticate



12. Enter the input data to encrypt and authenticate provided in the test vector and press Enter. The application prompts to enter the number of octets in authentication field, as shown in the following figure.

Figure 35 • Application Menu—Encrypted and Authentication Data



13. Enter '2' to proceed. The result of the AES CCM decryption is printed on the Tera Term program, as shown in the following figure. Observe that the result is matched with the test vector.

Figure 36 • Application Menu—AES CCM Decryption Result





## 2.6.1 Running Tera Term Macro Script

Each sample project contains Tera Term macro script (.ttl) file to test the cryptographic algorithms used in the sample project. The Tera Term macro script contain commands to pass required input test vectors. It also contains the expected output for each input test vector for user verification. The following figure shows the Tera Term macro script available in the sample projects provided in the design file.

Figure 37 • Tera Term Macro Script to Test AES Service

```
RV32_CCM_msg_auth.ttl ⋈
 22; -----
 23; Test Case 1
 24; Inputs
 25;
        8, 3, 44, 20,
 26;
        AES key
            40414243 44454647 48494A4B 4C4D4E4F
 27;
        NONCE
 28;
 29;
            10111213 14151617 18191A1B
 30;
        AAD
            00010203 04050607 08090A0B 0C0D0E0F 10111213
 31;
 32;
        Message P
             20212223 24252627 28292A2B 2C2D2E2F 30313233 34353637
 33;
 34
 35; Output - Encrypted Data
 36;
        E3B201A9 F5B71A7A 9B1CEAEC CD97E70B 6176AAD9 A4428AA5 484392FB C1B09951
 37; ----
 38 send '1'
 39 pause 2
 41 ;Key
 42 send '404142434445464748494a4b4c4d4e4f
 43 pause 1
 45; Nonce
 46 send '101112131415161718191a1b'
 47 pause 1
 48 send 13
 49 pause 1
 51;AAD
 52 send '000102030405060708090a0b0c0d0e0f10111213'
 53 pause 1
 54 send 13
 55 pause 1
 57 ;MSG
 58 send '202122232425262728292A2B2C2D2E2F3031323334353637'
 59 pause 1
```



To run the Tera Term script:

1. On the **Control** menu, click **Macro**, as shown in the following figure.

Figure 38 • Executing Macro Script



2. In the **Open macro** window, select the RV32\_CCM\_msg\_auth.ttl file available in the sample project provided with the design files and click **Open** as shown in the following figure.

Figure 39 • Selecting Macro Script File





Tera Term executes the script and the results are printed on the Tera Term. Compare the output of the AES encryption and decryption service with the test vectors provided in the macro script. The following figure shows the result of the macro script execution.

#### Figure 40 • Macro Script Execution Result

File Edit Setup Control Window Help \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\*\*\*\*\*\*\* PolarFire User Crypto CCM Example Project \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\*\*\*\*\*\*\*\*\* This example project demonstrates the use of the PolarFire User Crypto CCM service using AES cipher Services. The following CCM services are demonstrated: 1 - Encryption and authenticated. 2 - Decryption and authenticated. Select the CCM operation to perform:
Press key '1' to perform Encryption and Authenticated
Press key '2' to perform Decryption and Authenticated Selected Encryption and Authenticated using CCM. Enter the 128-bit/16-bute key: 404142434445464748494a4b4c4d4e4f Enter the Nonce (max : 16 Bytes): 101112131415161718191a1b Enter the Additional authenticated data (max : 32 Bytes): 000102030405060708090a0b0c0d0e0f 10111213 Enter the input data to encrypt and authenticate (max: 64 bytes): 202122232425262728292A2B2C2D2E2F 3031323334353637 Enter the Number of octets in authentication field: Press key '1' for 4 bytes Press key '2' for 8 bytes Press key '3' for 12 bytes Press key '4' for 16 bytes Encrypted and Authentication data: E3B201A9F5B71A7A9B1CEAECCD97E70B 6176AAD9A4428AA5484392FBC1B09951 Press any key to continue. Select the CCM operation to perform:
Press key '1' to perform Encryption and Authenticated
Press key '2' to perform Decryption and Authenticated Selected Encryption and Authenticated using CCM. Enter the 128-bit/16-byte key: C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF Enter the Nonce (max : 16 Bytes): 00000004030201A0A1A2A3A4A5 Enter the Additional authenticated data (max: 32 Bytes): 0001020304050607

This concludes the demo of User Crypto AES CCM service. Terminate the SoftConsole debugger session.

To run other UserCrypto sample projects, see Appendix: Running UserCrypto Sample Projects, page 25.



# 3 Appendix: Running UserCrypto Sample Projects

The Firmware Catalog contains sample projects to show how to use UserCrypto (CAL) APIs in the user application. You can use the sample projects to evaluate various cryptographic features supported by the User Cryptoprocessor on PolarFire devices. This section provides instructions on how to run UserCrypto sample projects with the provided Libero design.

The following table list the UserCrypto algorithms demonstrated in the sample projects. For more information about the sample projects, refer to the README.txt, file available in the sample projects.

Table 6 • Algorithm

| Algorithm | Parameters and Modes                                                          |
|-----------|-------------------------------------------------------------------------------|
| AES       | AES-ECB-256 encrypt                                                           |
|           | AES-ECB-256 encrypt                                                           |
|           | AES-CCM-128                                                                   |
| GMAC      | AES-GCM-256, 128-bit tag                                                      |
| HMAC      | HMAC-SHA-256, 256-bit key                                                     |
| CMAC      | AES-CMAC-256                                                                  |
| KEY TREE  | 128-bit nonce + 8-bit optype                                                  |
| SHA       | SHA-256                                                                       |
| ECC       | ECDSA SigGen, P-384/SHA-384, DPA                                              |
| IFC (RSA) | Encrypt, RSA-3072, e=65537                                                    |
|           | Decrypt, RSA-3072, CRT, DPA                                                   |
| FFC (DH)  | SigGen, DSA-3072/SHA-384, DPA                                                 |
|           | Key Agreement (KAS), DH-3072                                                  |
| NRBG      | Instantiate: strength, s = 256, 384-bit nonce, 384-bit personalization string |
|           | Generate: (no add input, no prediction resistance) s = 256                    |

**Note:** CCM is used to provide assurance of the confidentiality and the authenticity of computer data by combining the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm.



To run the sample projects:

Download the sample project from Firmware Catalog by right-clicking on PolarFire UserCrypto
 Driver and select a sample project available through Generate Sample Project > RISC-V >
 SoftConsole 5.2 > project name, as shown in the following figure.

Figure 41 • Firmware Catalog—Sample Projects



**Note:** CCM Services sample project is provided with the design files. Generate other sample projects and import into the SoftConsole workspace.

2. Click **OK** to generate the selected sample project to a local folder on the host PC.

Figure 42 • Generate Sample Project





3. In the SoftConsole, go to File and select Import as shown in the following figure.

Figure 43 • Import Options



Select import source as Existing Projects into Workspace and click Next, as shown in the following figure.

Figure 44 • Select An Import Source





5. In the Import dialog, click **Browse.** to locate the generated sample project in the local PC folder and click **OK**, as shown in the following figure.

#### Figure 45 • Import Dialog



Ensure that the generated project is selected and click Finish to import the generated sample project in a SoftConsole workspace, as shown in the following figure.

Figure 46 • Importing RV32\_Message\_Authentication Project



7. The new sample project is imported in the SoftConsole workspace, as shown in the following figure.

Figure 47 • SoftConsole Workspace—Sample Projects



- 8. Right-click on the imported sample project and click **Build Project** to build the project.
- Start the SoftConsole debugger to run the project. See Running Tera Term Macro Script, page 22 for running the macro script provided in the sample project.



# 4 Appendix: User Cryptoprocessor Simulation

Microsemi Libero SoC PolarFire v2.2 software provides PLI simulation library for the User Cryptoprocessor to show the functional behavior of the User Cryptoprocessor. The PLI library for User Cryptoprocessor is available at <Libero\_Installation\_Directory>/Designer/lib/modelsimpro/pli. The PLI library must be passed to the ModelSim using VSIM command for User Cryptoprocessor simulation. The VSIM command can be set in Libero Project settings under Simulation options.

- VSIM command for Windows: pli <\$Libero\_Installation\_Directory>/Designer/lib/modelsimpro/pli/pf\_crypto\_win\_me\_pli.dll
- VSIM command for Linux: pli <\$Libero\_Installation\_Directory>/Designer/lib/modelsimpro/pli/pf\_crypto\_lin\_me\_pli.so
   Edit <Libero\_Installation\_Directory> to match the location of Libero SoC PolarFire v2.2 on the host PC.
   In the following figure, the Libero installation folder is C:/Microsemi/Libero SoC PolarFire v2.2.

Figure 48 • Libero Project settings—VSIM Command for User Cryptoprocessor Simulation



The simulation steps include:

- Generating the top-level component, which includes Mi-V processor system with PF\_CRYPTO core in it.
- Build Mi-V application with required User Cryptoprocessor functions. User Cryptoprocessor functions are accessible through Athena TeraFire CAL driver.
- 3. Import the Mi-V application hex file into the designated LSRAMs for execution.
- 4. Simulate the complete processor system to execute the imported application image. You can observe that the Mi-V processor sends the commands and data to the User Cryptoprocessor, and the User Cryptoprocessor responds with the result, as shown in the following figure.



Figure 49 • User Cryptoprocessor Simulation