MACsec Intel® FPGA System Design User Guide

ID 767516
Date 10/02/2023

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents Interrupt Generation and Register

Based on the traffic sent to Crypto HIP, there are several errors that can be flagged and the potential list of errors are listed below.
  • Invalid AES request [0x13]
  • EOB without SOB error [0x3]
  • Transfer without SOB error [0x2]
  • Key RAM uncorrectable error [1]
  • Stream RAM uncorrectable error [0]
  • AES Counter overflow indication [0x7]
  • No Key received for MACsec patterns [0x17]
  • No IV or tweak received for MACsec patterns [0x19]
  • No end of packet for data for MACsec [0x1b]
  • Crypto Core ECC error [0x20]
  • FIFO Overflow [0x21]
  • MAC RAM ECC error [0x22]
  • Pack/Depack ECC error [0x23]
These errors are flagged through the TUSER.error_status and TUSER.error_code signals of the AXI-ST interface. These fatal errors are not expected since they are generated due to either invalid configuration or invalid packet format. Any errors observed from the Crypto needs to be root-caused and fixed in hardware or configuration.
Figure 40. MACSEC Interrupt Block
  • MACsec IP implements 2 types of interrupts:
    • NextPN counters
    • Error
  • The SADB maintains the NextPN counter for Tx. An interrupt is generated for the below scenarios to signal rekeying is required.
    • NextPN >= Pre-exhaustion Tx PN limit CSR
    • NextPN = 0 for the SA
    • SA not enabled (identified through Encoding SA in TX_LANE_SC0_ENCOD_SA CSR)
    • MACsec IP stopped operation when encountering a crypto error and triggered an interrupt.
    • MACsec driver allows user call back function for interrupt handling.