An eFUSE is a small, one-time programmable, non-volatile memory element. The eFUSE arrays store various types of important information. The definition of each bit of an eFUSE is represented in the eFUSE map shown in Table: Zynq UltraScale+ MPSoC Security eFUSEs. The device caches the eFUSE values into registers so that reading the eFUSE value means reading the eFUSE cache and not the physical device eFUSEs. Loading the eFUSE cache occurs during the pre-boot phase, via a register command (EFUSE.EFUSE_CACHE_LOAD) or automatically when the XilSKey library is used. Reading is done from the eFUSE registers at 0xFFCC0000 (see the Zynq UltraScale+ MPSoC Register Reference (UG1087) [Ref 4]).
Because readback is not available on the AES key, a CRC check has been built in to validate that the AES key eFUSE has been programmed correctly. Before the CRC check can be performed on a newly programmed eFUSE, the eFUSE cache must be reloaded.
eFUSEs can be programmed using the XilSKey library. Inputs are provided in the application header file xilskey_efuseps_zynqmp_input.h. The corresponding macro names are listed in Table: Zynq UltraScale+ MPSoC Security eFUSEs. For PUF usage, input is provided via the xilskey_puf_registration.h file. For more information on XilSKey library usage, see the AMD library documentation.
For details on how to program eFUSEs, see Programming BBRAM and eFUSEs Application Note (XAPP1319) [Ref 20].
Size |
Name |
Description |
XilSKey Name: |
---|---|---|---|
32 |
USER_{0:7} |
256 user defined eFUSEs: Note: In the input.h file (see text), write data in the XSK_EFUSEPS_USER{0:7}_FUSES macro and execute the write by setting the XSK_EFUSEPS_USER{0:7}_FUSE macro = True. |
USER{0:7}_FUSE |
1 |
USER_WRLK |
8 user-defined eFUSE locks. Note: Each eFUSE permanently locks the entire corresponding user-defined USER_{0:7} eFUSE row so it cannot be changed. |
USER_WRLK_{0:7} |
1 |
LBIST_EN |
Enables logic BIST to run during boot. |
LBIST_EN |
3 |
LPD_SC |
Enables zeroization of registers in low power domain (LPD) during boot. Note: Any of the eFUSE programmed will perform zeroization. AMD recommends programming all of them. |
LPD_SC_EN |
3 |
FPD_SC |
Enables zeroization of registers in full power domain (FPD) during boot. Note: MGTs must be powered to perform zeroization of the FPD. Note: Any of the eFUSE programmed will perform zeroization. AMD recommends programming all of them. |
FPD_SC_EN |
3 |
PBR_BOOT_ |
When programmed, boot is halted on any PMU error. |
PBR_BOOT_ERR |
32 |
CHASH |
PUF helper data |
N/A - handled by PUF registration software directly. |
24 |
AUX |
PUF helper data: ECC vector |
N/A - handled by PUF registration software directly. |
1 |
SYN_INVLD |
Invalidates PUF helper data stored in eFUSEs. |
XSK_PUF_SYN_INVALID |
1 |
SYN_LOCK |
Locks PUF helper data from future programming. |
XSK_PUF_SYN_WRLK |
1 |
REG_DIS |
Disables PUF registration. |
XSK_PUF_REGISTER_DISABLE |
1 |
AES_RD |
Disables the AES key CRC integrity check for eFUSE key storage. |
AES_RD_LOCK |
1 |
AES_WR |
Locks AES key from future programming. |
AES_WR_LOCK |
1 |
When programmed, all partitions are required to be encrypted. AMD recommends using this only if security is required and the hardware root of trust (RSA_EN) is not used. |
ENC_ONLY |
|
1 |
BBRAM_DIS |
Disables the use of the AES key stored in BBRAM. |
BBRAM_DISABLE |
1 |
ERR_DIS |
Prohibits error messages from being read via JTAG (ERROR_STATUS register). Note: The error is still readable from inside the device. |
ERR_DISABLE |
1 |
JTAG_DIS(1) |
Disables JTAG. IDCODE and BYPASS are the only allowed commands. |
JTAG_DISABLE |
1 |
DFT_DIS(1) |
Disables design for test (DFT) boot mode. |
DFT_DISABLE |
3 |
PROG_GATE |
When programmed, these fuses prohibit the PROG_GATE feature from being engaged. If any of these are programmed, the PL is always reset when the PS is reset. Note: Only one eFUSE needs to be programed to prohibit the PROG_GATE feature from being engaged. AMD recommends programming all three. |
PROG_GATE_DISABLE |
1 |
SEC_LK |
When programmed, the device does not enable BSCAN capability while in secure lockdown. |
SECURE_LOCK |
15 |
When any one of the eFUSEs is programmed, every boot must be authenticated using RSA. AMD recommends programming all 15 eFUSEs. |
RSA_ENABLE |
|
1 |
PPK0_WR |
Primary public key write lock. When programmed, this prohibits future programming of PPK0. |
PPK0_WR_LOCK |
2 |
PPK0_INVLD |
When either of the eFUSEs are programmed, PPK0 is revocated. AMD recommends programming both eFUSEs when revocating PPK0. |
PPK0_INVLD |
1 |
PPK1 WR |
Primary public key write lock. When programmed this prohibits future programming of PPK1. |
PPK1_WR_LOCK |
2 |
PPK1_INVLD |
When either of the eFUSEs are programmed, PPK1 is revocated. AMD recommends programming both eFUSEs when revocating PPK1. |
PPK1_INVLD |
32 |
SPK_ID |
Secondary public key ID. Note: Write the SPK ID bits into the XSK_EFUSEPS_SPK_ID eFUSE array and set XSK_EFUSEPS_SPKID = True. |
SPK_ID |
256 |
AES |
User AES key Note: Write data in the XSK_EFUSEPS_AES_KEY macro and execute the write by setting the XSK_EFUSEPS_WRITE_AES_KEY |
AES_KEY |
384 |
PPK0 |
User primary public key0 HASH Note: Write data in the XSK_EFUSEPS_PPK0_HASH macro. To program 256 bits, use the LSBs and set XSK_EFUSEPS_PPK0_IS_SHA3 = False. To program 384 bits, set XSK_EFUSEPS_PPK0_IS_SHA3 = True. Execute the write by setting the XSK_EFUSEPS_WRITE_PPK0_HASH macro = True. |
PPK0_HASH |
384 |
PPK1 |
User primary public key1 HASH Note: Write data in the XSK_EFUSEPS_PPK1_HASH macro. To program 256 bits, use the LSBs and set XSK_EFUSEPS_PPK1_IS_SHA3 = False. To program 384 bits, set XSK_EFUSEPS_PPK1_IS_SHA3 = True. Execute the write by setting the XSK_EFUSEPS_WRITE_PPK1_HASH macro = True. |
PPK1_HASH |
N/A |
PUF_HD |
Syndrome of PUF HD. These eFUSEs are programmed using AMD provided software, Xilskey |
N/A - handled by PUF registration software directly. |
Note: 1.IMPORTANT. Programming any of the noted eFUSE settings preclude AMD test access. Consequently, AMD does not accept return material authorization (RMA) requests. 2.When the ENC_ONLY or RSA_EN eFUSE is blown, the JTAG boot mode is no longer available. If this was the only mechanism used to program the boot flash, a secondary means should be employed. AMD recommends some other form of in-system flash programming and not relying on booting the device successfully to update the flash contents. |