The use of a Physically Unclonable Function (PUF) for key generation or encryption operations relies on process variations that are intrinsic to the manufacture of devices. In this example a ring-oscillator-based PUF is implemented.
Two banks of ring oscillators are carefully defined to ensure they are as similar as possible, so their exact oscillation frequency is only altered by the intrinsic fabrication process variation in their position on the die and not by any other design consideration. Oscillators from each bank are selected to race; the winner, from bank 0 or 1, shifts the bit into a 256-bit response shift register. It is possible for other logic, SoC activity or external stimuli to affect the performance of the PUF, and careful design is required to maximise uniqueness.
Error correction of any bias is implemented using an initial majority voting of a number of PUF responses (default 11) followed by a Bose–Chaudhuri–Hocquenghem cyclic error-correcting coding scheme with the aid of helper data from the TrustZone. The 256-bit PUF response is used to seed a Pseudorandom Number Generator (PRNG) to enable many keys to be generated. ChaCha20 is a stream cipher with a strong pseudorandom function.
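The race and the majority-voting stage described above can be modelled in software to see how voting over 11 reads suppresses per-read noise. This is an added example, not the project's own code, and it does not model the BCH stage or the PRNG. The function names, the nominal frequency and the two sigma values are assumptions chosen for illustration.

```python
import random

RESPONSE_BITS = 256   # width of the response shift register (from the page)
VOTES = 11            # default number of responses majority-voted (from the page)

def race_response(bank0_hz, bank1_hz):
    """One response: each oscillator pair races; the winning bank's index is the bit."""
    if len(bank0_hz) != len(bank1_hz):
        raise ValueError("banks must hold the same number of oscillators")
    return [1 if f1 > f0 else 0 for f0, f1 in zip(bank0_hz, bank1_hz)]

def majority_vote(reads):
    """Bitwise majority over an odd number of equal-length responses."""
    if len(reads) % 2 == 0:
        raise ValueError("use an odd number of reads so no bit can tie")
    if len({len(r) for r in reads}) != 1:
        raise ValueError("all reads must have the same length")
    threshold = len(reads) // 2
    return [1 if sum(col) > threshold else 0 for col in zip(*reads)]

def hamming(a, b):
    """Number of bit positions in which two responses differ."""
    return sum(x != y for x, y in zip(a, b))

def simulate(seed=1, nominal_hz=200e6, process_sigma=1e6, noise_sigma=2e5):
    """Constructed model: fixed per-oscillator process offset plus per-read jitter."""
    rng = random.Random(seed)  # seeded so the constructed data is repeatable
    bank0 = [rng.gauss(nominal_hz, process_sigma) for _ in range(RESPONSE_BITS)]
    bank1 = [rng.gauss(nominal_hz, process_sigma) for _ in range(RESPONSE_BITS)]
    reference = race_response(bank0, bank1)  # noise-free response of this "die"

    def noisy(bank):
        # Per-read jitter stands in for SoC activity and external stimuli.
        return [f + rng.gauss(0, noise_sigma) for f in bank]

    reads = [race_response(noisy(bank0), noisy(bank1)) for _ in range(VOTES)]
    single_errors = [hamming(r, reference) for r in reads]
    voted_errors = hamming(majority_vote(reads), reference)
    return reference, single_errors, voted_errors

if __name__ == "__main__":
    _, single, voted = simulate()
    print("bit errors per single read:", single)
    print("bit errors after majority vote:", voted)
```

Bits whose two oscillators are closely matched flip in roughly half of the reads, so voting cannot fix them; those residual errors are what the BCH stage and its helper data have to absorb.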
Entropy maximisation enables large numbers of unique derived keys to be produced from a single PUF response, and the result passes NIST randomness tests.
ARM TrustZone communications use the AMBA interconnect (AXI bus) within a SoC design.