diff --git a/.github/workflow_metadata/pr_hash b/.github/workflow_metadata/pr_hash
index 9f380ce..2e587ef 100644
--- a/.github/workflow_metadata/pr_hash
+++ b/.github/workflow_metadata/pr_hash
@@ -1 +1 @@
-b8a070a37f8112e3943952faade09246fba63e70cd902795b8c682d2cded1b1a4ca139975bb832bc46f642fb7577347b
\ No newline at end of file
+a595024ac6beff7fb06896cffc8e64daa085dd8ac831b8f4f97a6f835e1de1a4442910cc62cc8a5e35e3fe24246c409c
\ No newline at end of file
diff --git a/.github/workflow_metadata/pr_timestamp b/.github/workflow_metadata/pr_timestamp
index cd78241..0e08115 100644
--- a/.github/workflow_metadata/pr_timestamp
+++ b/.github/workflow_metadata/pr_timestamp
@@ -1 +1 @@
-1737655168
\ No newline at end of file
+1737666013
\ No newline at end of file
diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv
index 89de5c5..5b925c3 100644
--- a/src/mldsa_top/rtl/mldsa_ctrl.sv
+++ b/src/mldsa_top/rtl/mldsa_ctrl.sv
@@ -292,7 +292,9 @@ always_comb mldsa_privkey_lock = '0;
   logic [ENTROPY_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] entropy_reg;
   logic [SEED_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] seed_reg;
   logic [MSG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] msg_reg;
-  logic [EXTERNAL_MU_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] external_mu_reg;
+  logic internal_mu_we;
+  logic [MU_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] internal_mu_reg;
+  logic [MU_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] external_mu_reg;
   logic [SIGN_RND_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] sign_rnd_reg;
   logic [7:0][63:0] rho_p_reg;
   logic [3:0][63:0] rho_reg;
@@ -391,7 +393,7 @@ always_comb mldsa_privkey_lock = '0;
   
   always_comb zeroize = mldsa_reg_hwif_out.MLDSA_CTRL.ZEROIZE.value || debugUnlock_or_scan_mode_switch;
   
-  always_comb external_mu = mldsa_reg_hwif_out.MLDSA_CTRL.EXTERNAL_MU.value;
+  always_comb external_mu = 0; //mldsa_reg_hwif_out.MLDSA_CTRL.EXTERNAL_MU.value; //TODO: enable after ExternalMu validation
   always_comb mldsa_reg_hwif_in.MLDSA_CTRL.EXTERNAL_MU.hwclr = mldsa_reg_hwif_out.MLDSA_CTRL.EXTERNAL_MU.value;
   
   always_comb begin // mldsa reg writing 
@@ -431,8 +433,10 @@ always_comb mldsa_privkey_lock = '0;
       `endif
     end
 
-    for (int dword=0; dword < EXTERNAL_MU_NUM_DWORDS; dword++)begin
-      external_mu_reg[dword] = mldsa_reg_hwif_out.MLDSA_EXTERNAL_MU[EXTERNAL_MU_NUM_DWORDS-1-dword].EXTERNAL_MU.value;
+    for (int dword=0; dword < MU_NUM_DWORDS; dword++)begin
+      external_mu_reg[dword] = mldsa_reg_hwif_out.MLDSA_EXTERNAL_MU[MU_NUM_DWORDS-1-dword].EXTERNAL_MU.value;
+      mldsa_reg_hwif_in.MLDSA_EXTERNAL_MU[dword].EXTERNAL_MU.we = internal_mu_we & !external_mu & !zeroize;
+      mldsa_reg_hwif_in.MLDSA_EXTERNAL_MU[dword].EXTERNAL_MU.next = internal_mu_reg[MU_NUM_DWORDS-1-dword];
       mldsa_reg_hwif_in.MLDSA_EXTERNAL_MU[dword].EXTERNAL_MU.hwclr = zeroize;
     end
   
@@ -955,20 +959,10 @@ always_comb mldsa_privkey_lock = '0;
     end
   end
 
-    always_ff @(posedge clk or negedge rst_b) begin
-    if (!rst_b) begin
-      mu_reg <= 0;
-    end
-    else if (zeroize) begin
-      mu_reg <= 0;
-    end
-    else if (external_mu_mode)
-      mu_reg <= external_mu_reg;
-    else if (sampler_state_dv_i) begin
-      if (prim_instr.operand3 == MLDSA_DEST_MU_REG_ID) begin
-        mu_reg <= sampler_state_data_i[0][511:0];
-      end
-    end
+  always_comb begin
+    internal_mu_we = sampler_state_dv_i & (prim_instr.operand3 == MLDSA_DEST_MU_REG_ID);
+    internal_mu_reg = sampler_state_data_i[0][511:0];
+    mu_reg = external_mu_reg;
   end
 
   // without zeroize to make it more complex
@@ -1026,10 +1020,7 @@ always_comb mldsa_privkey_lock = '0;
       keygen_signing_process <= 0;
     end
     else begin
-      mldsa_valid_reg <= mldsa_valid_reg | 
-                             (keygen_process & keygen_done) |
-                             (signing_process & signature_done) |
-                             (verifying_process & verify_done);
+      mldsa_valid_reg <= mldsa_valid_reg | process_done;
       y_valid <= set_y_valid ? 1 :
                  clear_y_valid ? 0 :
                  y_valid;
@@ -1045,10 +1036,10 @@ always_comb mldsa_privkey_lock = '0;
       verify_valid <= set_verify_valid ? 1 :
                       clear_verify_valid ? 0 :
                       verify_valid;
-      keygen_process <= keygen_process | keygen_process_nxt;
-      signing_process <= signing_process | signing_process_nxt;
-      verifying_process <= verifying_process | verifying_process_nxt;
-      keygen_signing_process <= keygen_signing_process | keygen_signing_process_nxt;
+      keygen_process <= process_done ? '0 : keygen_process | keygen_process_nxt;
+      signing_process <= process_done ? '0 : signing_process | signing_process_nxt;
+      verifying_process <= process_done ? '0 : verifying_process | verifying_process_nxt;
+      keygen_signing_process <= process_done ? '0 : keygen_signing_process | keygen_signing_process_nxt;
     end
   end
 
@@ -1059,7 +1050,7 @@ always_comb mldsa_privkey_lock = '0;
   always_ff @(posedge clk or negedge rst_b) begin
     if (!rst_b)
       external_mu_mode <= 0;  
-    else if (zeroize)
+    else if (zeroize | process_done)
       external_mu_mode <= 0;  
     else if (process_done)
       external_mu_mode <= 0;
diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv
index 5a81ff6..f159242 100644
--- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv
+++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv
@@ -34,7 +34,7 @@ package mldsa_ctrl_pkg;
 
     localparam SEED_NUM_DWORDS = 8;
     localparam MSG_NUM_DWORDS = 16;
-    localparam EXTERNAL_MU_NUM_DWORDS = 16;
+    localparam MU_NUM_DWORDS = 16;
     localparam PRIVKEY_NUM_DWORDS = 1224;
     localparam PRIVKEY_REG_NUM_DWORDS = 32;
     localparam PRIVKEY_REG_RHO_NUM_DWORDS = 8;
diff --git a/src/mldsa_top/rtl/mldsa_reg.rdl b/src/mldsa_top/rtl/mldsa_reg.rdl
index 9865489..f18170e 100644
--- a/src/mldsa_top/rtl/mldsa_reg.rdl
+++ b/src/mldsa_top/rtl/mldsa_reg.rdl
@@ -185,7 +185,8 @@ addrmap mldsa_reg {
                 The external_mu can be any 512-bit value in [0 : 2^512-1].";
 
         default sw = w;
-        default hw = r;
+        default hw = rw;
+        default we = true;
         default resetsignal = reset_b;
         field {desc = "Input message field"; swwe = mldsa_ready; hwclr;} EXTERNAL_MU[32] = 32'b0;
     
diff --git a/src/mldsa_top/rtl/mldsa_reg.sv b/src/mldsa_top/rtl/mldsa_reg.sv
index 51c705c..a0f7b61 100644
--- a/src/mldsa_top/rtl/mldsa_reg.sv
+++ b/src/mldsa_top/rtl/mldsa_reg.sv
@@ -745,6 +745,9 @@ module mldsa_reg (
             if(decoded_reg_strb.MLDSA_EXTERNAL_MU[i0] && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write
                 next_c = (field_storage.MLDSA_EXTERNAL_MU[i0].EXTERNAL_MU.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]);
                 load_next_c = '1;
+            end else if(hwif_in.MLDSA_EXTERNAL_MU[i0].EXTERNAL_MU.we) begin // HW Write - we
+                next_c = hwif_in.MLDSA_EXTERNAL_MU[i0].EXTERNAL_MU.next;
+                load_next_c = '1;
             end else if(hwif_in.MLDSA_EXTERNAL_MU[i0].EXTERNAL_MU.hwclr) begin // HW Clear
                 next_c = '0;
                 load_next_c = '1;
diff --git a/src/mldsa_top/rtl/mldsa_reg_pkg.sv b/src/mldsa_top/rtl/mldsa_reg_pkg.sv
index 3b77e4b..5522210 100644
--- a/src/mldsa_top/rtl/mldsa_reg_pkg.sv
+++ b/src/mldsa_top/rtl/mldsa_reg_pkg.sv
@@ -101,6 +101,8 @@ package mldsa_reg_pkg;
     } mldsa_reg__MLDSA_VERIFY_RES__in_t;
 
     typedef struct packed{
+        logic [31:0] next;
+        logic we;
         logic hwclr;
     } mldsa_reg__MLDSA_EXTERNAL_MU__EXTERNAL_MU__in_t;