Tamper Monitoring and Response

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.4 English

The primary function of the CSU SPB post-boot is to monitor the system for a tamper event. Table: Tamper and Control Registers Channels lists the twelve different monitoring functions that can be configured.

The PS system monitor (SYSMON unit) triggering limits for voltage and temperature alarms are user defined and configured.

°The csu_tamper_4 and csu_tamper_5 registers generate an over and under temperature alarm when the PS SYSMON unit “threshold mode” is set to 1.

The PL SEU alarm is a runtime health check of the programmable logic.

Activity on the external PSJTAG interface pins can be detected from within the device and reported on the JTAG toggle detect alarm.

The CSU can act as a centralized tamper monitor and response hub for a system.

Single external tamper detect signal through MIO.

The csu_tamper_x registers are write to clear (WTC) so that once a tamper is detected, the tamper alarm can be cleared by writing to the corresponding register.

Table 12-2:      Tamper and Control Registers Channels


Event Source


PS SYSMON voltage alarm for PS GTR (VTT and VCC are both monitored).


PS SYSMON voltage alarm for PSIO bank 3.


PS SYSMON voltage alarm for PSIO bank 0/1/2 (all three banks).


PS SYSMON voltage alarm for VCC_PSINTFP_DDR.


PS SYSMON voltage alarm for VCC_PSAUX.


PS SYSMON voltage alarm for VCC_PSINTFP.


PS SYSMON voltage alarm for VCC_PSINTLP.


PS SYSMON upper and lower temperature alarms for FPD.


PS SYSMON upper and lower temperature alarms for LPD.


PL single event upset (SEU) error.


JTAG toggle detect.(1)


Input signal via MIO pin.(2)


CSU register.


1.The tamper event is caused by toggling the TDI or TMS input signals on the dedicated JTAG pins. The PJTAG interface signals on the MIO are not monitored. The JTAG toggle detect system interrupt is persistent and cannot be cleared until a power-on reset (POR) is done. If this response is chosen, the interrupt must be disabled (masked) after detection to prevent an endless interrupt loop.

2.Assert the MIO tamper input (tamper 1) High until the Tamper Response occurs as configured by the csu_tamper_1 register (Table: Tamper Monitor and Response Bits). If the system is reset using the PS_RESET_B, then de-assert the MIO tamper signal before releasing PS_RESET_B.

The external tamper detect signals on MIO are listed in Table: External Tamper Detect Signal on MIO.

Table 12-3:      External Tamper Detect Signal on MIO

CSU Signal

MIO Pins


Default Input Value to Controller





After a tamper event occurs, how the CSU responds is user configurable. Table: Tamper Monitor and Response Bits indicates which bit in the tamper response registers to set to obtain a specific tamper response for each tamper event. Multiple tamper response bits can be set for each tamper event. When more than one response bit [3:0] is set, the highest MSB that is set determines the tamper response. If bit [4] and one of the bits [3:0] are set, the BBRAM key is erased and the CSU generates the response associated with the MSB. For example, if bits 1, 2, and 4 are set, the BBRAM key is erased and secure lockdown occurs (no reset).

Table 12-4:      Tamper Monitor and Response Bits

Bit [4:0]


1 xxxx

Erase the BBRAM key and the response based on the MSB of bits [3:0], if any are set.(1) (3)

x 1xxx

Secure lockdown and 3-states all I/O pins including MIO, PS dedicated, and PL.(2)

x 01xx

Secure lockdown.

x 001x

System reset.

x 0001

System interrupt (GIC IRQ# 117).


1.For example, if bit 4, 3, and 2 are all set, the tamper event erases the BBRAM, generates a secure lockdown, and 3-states on all I/Os.

2.The CSU hardware 3-states the PL I/Os and the CSU ROM code writes 1s to the MIO_MST_TRI {0:2} registers.

3.Bit 4 is set for all CSU_TAMPER registers except for the CSU_TAMPER_0 register. For the CSU_TAMPER_0 register, BBRAM is cleared using Bit 5.

The registers are readable but can only be set on write accesses. Specifically, once a specific tamper response is selected for a given tamper event, the bit selecting that response cannot be cleared except by a POR. This prevents incorrect or rogue software from accidentally decreasing the tamper response penalty. Tamper responses can only be added.