From 5c66ed05f266eede65deb24505cec4da8c9abad6 Mon Sep 17 00:00:00 2001
From: Michael Norris <108370498+Nitsirks@users.noreply.github.com>
Date: Wed, 1 Nov 2023 11:02:32 -0700
Subject: [PATCH] Update Caliptra_rtl.md

Adding specific signal names for flops to remove from scan chain to protect obfuscation key leakage.
---
docs/Caliptra_rtl.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/Caliptra_rtl.md b/docs/Caliptra_rtl.md
index 4628f74a0..39963e0a3 100644
--- a/docs/Caliptra_rtl.md
+++ b/docs/Caliptra_rtl.md
@@ -586,7 +586,7 @@ The following table describes SoC integration requirements.
| Deobfuscation Key | If not driven through PUF, SoC backend flows shall ECO the deobfuscation key before tapeout. | Statement of conformance | Required by UDS and Field Entropy threat model |
| Deobfuscation Key | Rotation of the deobfuscation key (if not driven through PUF) between silicon steppings of a given product (for example, A0 vs. B0 vs. PRQ stepping) is dependent on company-specific policies. | Statement of conformance | Required by UDS and Field Entropy threat model |
| Deobfuscation Key | SoC backend flows should not insert deobfuscation key flops into the scan chain. | Synthesis report | Required by UDS and Field Entropy threat model |
-| Deobfuscation Key | For defense in depth, it is strongly recommended that debofuscation key flops are not on the scan chain. | | Caliptra HW threat model |
+| Deobfuscation Key | For defense in depth, it is strongly recommended that debofuscation key flops are not on the scan chain.
Remove the following signals from the scan chain:
cptra_scan_mode_Latched_d
cptra_scan_mode_Latched_f
field_storage.internal_obf_key | Statement of conformance | Caliptra HW threat model |
| CSR Signing Key | SoC backend flows shall generate CSR signing key with appropriate NIST compliance as dictated in the Caliptra RoT specification. | Statement of conformance | Required by IDevID threat model |
| CSR Signing Key | Rotation of the CSR private key between silicon steppings of a given product (for example, A0 vs. B0 vs. PRQ stepping) is dependent on company-specific policies. | Statement of conformance | |
| CSR Signing Key | SoC backend flows should not insert CSR signing key flops into the scan chain. | Synthesis report | Required by IDevID threat model |
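Review bot: The added Deobfuscation Key row states its requirement at two strengths ("it is strongly recommended" followed by the imperative "Remove the following signals from the scan chain") and sets the verification column to "Statement of conformance", while the unchanged row directly above covers the same scan-chain exclusion with "Synthesis report". Pick one requirement level for the row, and consider "Synthesis report" here as well, since whether named flops are on the scan chain can be checked from the synthesis output. The signal list is also inconsistent: `field_storage.internal_obf_key` carries a hierarchy prefix but `cptra_scan_mode_Latched_d` and `cptra_scan_mode_Latched_f` do not, and the row does not say why scan-mode latch flops belong in a list introduced as deobfuscation key flops. Give the full hierarchical path for all three, confirm the capitalisation matches the RTL, and add a short reason for the scan-mode entries. The typo "debofuscation" is carried over from the removed line and can be corrected to "deobfuscation" in the same change. Finally, the diffstat records one insertion but the cell is shown across several lines; if those breaks are literal newlines the pipe-table row will not render, so separate the signal names with `<br>` inside the cell.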