Visible to Intel only — GUID: bid1652825256410
Ixiasoft
1. Introduction
2. Interface Overview
3. Parameters
4. Designing with the IP Core
5. MACsec Intel® FPGA IP Example Design
6. Functional Description
7. Configuration Registers for MACsec IP
8. MACsec Intel FPGA IP User Guide Archives
9. Document Revision History for the MACsec Intel FPGA IP User Guide
2.2.1.1. Common Port Mux Interface
2.2.1.2. Common Port Demux Interface
2.2.1.3. Controlled Port Mux Interface
2.2.1.4. Controlled Port Demux Interface
2.2.1.5. Uncontrolled Port RX Interface
2.2.1.6. Uncontrolled Port TX Interface
2.2.1.7. Crypto RX Interface
2.2.1.8. Crypto TX Interface
2.2.1.9. Management Interface
2.2.1.10. Decrypt Port Mux Management Interface
2.2.1.11. Decrypt Port Demux Management Interface
2.2.1.12. Encrypt Port Mux Management Interface
2.2.1.13. Encrypt Port Demux Management Interface
2.2.1.14. Crypto IP Management Bus
2.2.1.15. Miscellaneous Control Signals
2.2.2.1. Common Port Mux Interface Waveform
2.2.2.2. Common Port Demux Interface Waveform
2.2.2.3. Controlled Port Mux Interface Waveform
2.2.2.4. Controlled Port Demux Interface Waveform
2.2.2.5. Uncontrolled Port RX Interface Waveform
2.2.2.6. Uncontrolled Port TX Interface Waveform
2.2.2.7. Crypto RX Waveform
2.2.2.8. Crypto TX Waveform
2.2.2.9. MACsec Management Interface (Read)
2.2.2.10. MACsec Management Interface (Write)
Visible to Intel only — GUID: bid1652825256410
Ixiasoft
4.5. MACsec Software Initialization Sequence
To bring up a port as a MACsec control port, there is an initialization sequence that needs to be followed.
Follow the steps below to start the initialization sequence:
- Set “Control port enable” to False (the default value is False).
- Program the per-MACsec instance configuration:
- Set all the global stats counters to 0x0 (default is 0x0).
- Set the key length (False – 128 bits; True – 256 bits) for the MACsec instance associated with the port.
- Set the extended packet numbering mode for the MACsec instance associated with the port (False – regular packet numbering; True – extended packet numbering).
- Zeroing port SAs (GLOBAL_ZERO CSR).
- Optional: Set the confidentiality offset for the MACsec instance (default is 0x0).
- Program the Tx Configuration:
- Set the Tx basic configuration for the MACsec instance.
- Set the packet numbering limit value for the MACsec instance.
- Set the maximum packet bytes supported value for the MACsec instance.
- Set the SCI value for the port.
- Choose a security association and program the following configuration:
- Set the Key value for the SA.
- Set the next packet number value for the SA.
- Set the confidentiality offset value for the SA.
- Initialize all the stats configuration.
- Set the SA value to the chosen security association.
- Program the Rx Configuration:
- Set the Rx basic configuration for the MACsec instance.
- Set the replay window length if the replay protect is enabled for the MACsec instance.
- Set the default SCI per port.
- Program the security channel that is used on the lane by configuring:
- Set the SCI value for the security channel.
- Initialize all the stats configuration.
- Choose a security association and program the following configuration:
- Set the Key value for the SA belonging to the SC.
- Set the next packet number value for the SA belonging to the SC.
- Set the lowest PN value for SA belonging to the SC.
- Initialize all the stats configuration.
- Set the SA value to the chosen security association. If there are multiple security associations programmed on Rx, enable them.
- Once all of the above is programmed, enable the port as a control port.