MACsec Intel® FPGA IP User Guide

ID 736108
Date 3/31/2024
Document Table of Contents

4.4. Reset Transactions

The whole MACsec IP is reset through subsystem_cold_rst_n assertion/deassertion. There are 2 additional resets, app_ip_lite_areset_n and app_ip_st_areset_n, which can be triggered to reset the CSR block and the remaining logic blocks respectively as shown in the figure below. The cold reset "rst_ack collector" collects the rst_ack_n status from all sub-blocks to assert (to low) or deassert (to high) the subsystem_cold_rst_ack_n accordingly.

During the subsystem cold reset assertion, the AXI-ST and AXI-Lite READY signals are deasserted to indicate that the respective interfaces are not ready to accept a transaction. The reset assertion propagates to AES Crypto IP through the aes_ip_add_rst_n signal. When the reset is deasserted, the Crypto IP signals are ready to accept request through the aes_app_ip_rst_ack_n signal assertion. The MACsec READY signals are then asserted after the MACsec IP and Crypto IP come out of reset and requests can be submitted to the IP.

The MACsec IP implements a software reset in a CSR register. The software resets the core logic, leaving the configuration registers unchanged. The MACsec IP is in the reset state as long as the CSR bit is set to 0. While in this state, no traffic is allowed in either MACsec IP direction.

If you assert the app_ip_st_areset_n, the MACsec SADB contents are not reset. All the data path and Crypto IP key storage are reset through this reset assertion. You are required to reprogram the key and the nextpn CSRs for Tx/Rx SC/SA in the MACsec IP to be operational. All other SC/SA fields can be reprogrammed as well if needed.

Resets can be used simultaneously and all resets are active-low level sensitive. The software reset is asserted whenever the cold_reset or Axi_lite and tready is high.

Figure 18. MACsec IP Reset Tree