AES key recovery doesn't work for the PSOC62 target board

Hi.

I recently got another one target board to evaluate which is PSOC62 based target board (CW308T-PSoC62 - NewAE Hardware Product Documentation).
This board has pretty interesting MCU.
I didn’t find any information in the Newae resources regarding countermeasures to protect AES for the PSOC62 MCU.
At the first glance, there are no random delays but the AES-128 key cannot be recovered using the “lastround_HD_gen”, “sboxInOut_HD_gen”, “sbox_HW_gen” leakage models.

The complete picture of AES-128 pass looks:


This picture clearly reveals AES location in the power traces.

Zoomed in picture looks:

Using the “lastround_HD_gen” attack, we can take safely take the range [2000 … 2500] but for the “sbox_HW_gen”, “sboxInOut_HD_gen” the range [1500 … 2000].

More zoomed in picture which looks perfect in my opinion:

As a result I get only junk bytes for the key regardless of having perfect power traces:

Does PSOC62 use masking to protect HW AES? Did someone break HW AES-128 on this MCU?