Integration Guide

This guide covers the complete SoC integration of the zeroRISC root-of-trust IP block from RTL delivery through tapeout signoff.

1. Bus Interface Connection

The zeroRISC RoT IP exposes two bus interfaces: an AHB-Lite slave for host access (configuration and status registers) and an AXI4-Lite master for DMA operations (SRAM certificate buffer access). Select the interface appropriate for your SoC interconnect at integration time via the BUS_IF_SEL parameter.

// Verilog instantiation (AHB-Lite selection)
zerorisc_rot_top #(
  .BUS_IF_SEL  (BUS_AHB_LITE),
  .FOUNDRY_NODE(TSMC_28HPM)
) u_rot (
  .clk_i       (clk),
  .rst_ni      (rst_n),
  .ahb_haddr   (ahb_haddr),
  .ahb_hwdata  (ahb_hwdata),
  .ahb_hrdata  (ahb_hrdata),
  .ahb_hwrite  (ahb_hwrite),
  .ahb_htrans  (ahb_htrans),
  .ahb_hready  (ahb_hready),
  .ahb_hresp   (ahb_hresp),
  .alert_tx_o  (rot_alert_tx)
);

2. Power Domain Setup

The RoT IP requires two power domains:

  • VDD_ROT (core logic): 0.8V–1.1V, node-dependent. This domain must be held low until provisioning completes. Always-on during operation.
  • VDD_OTP (OTP controller): May differ from core domain depending on OTP cell technology. Consult foundry PDK documentation.

The power-on sequence must ensure VDD_ROT ramps before the main SoC core domain to guarantee the lifecycle controller asserts CPU reset properly.

3. DFT Insertion

The RoT IP includes DFT hooks for scan insertion. Key ports:

.scan_mode_i      (scan_mode),   // high during scan test
.scan_en_i        (scan_en),     // scan enable
.scan_rst_ni      (scan_rst_n),  // scan reset

The OTP controller and alert handler are excluded from scan chains by design (security boundary). Include only the crypto datapath and state machine in OEM scan.

4. Alert Bus Connection

Connect the alert_tx_o bus to your SoC alert handler. The RoT IP generates four alert signals: FATAL_FAULT, RECOV_FAULT, GLITCH_DETECTED, and TAMPER_DETECTED. Configure the alert handler escalation target for FATAL and TAMPER to trigger a system-level reset or key wipe action.

5. Synthesis Constraints

Apply the provided SDC file before synthesizing the SoC-level netlist. The constraints include:

  • False path declarations on scan test ports (do not timing-analyze scan paths)
  • Multi-cycle path declarations for OTP programming sequences (intentionally slow)
  • Max fanout and max transition constraints for the alert bus to maintain clean alerting timing

6. Tapeout Checklist

  • DRC/LVS run clean on pre-validated LEF/GDS abstract views
  • OTP timing verified at all process/voltage/temperature corners
  • Alert bus fanout meets SDC constraint at SS/0.8V/125°C
  • Power domains correctly annotated in UPF/CPF
  • Sensor mesh connectivity verified (routing layer DRC rule check)
  • Provisioning test vectors pass on pre-silicon simulation
  • FIPS certification scope reviewed by zeroRISC application engineer

Contact zeroRISC engineering to schedule a tapeout checklist review call before fab submission.