eFUSE registers can be read through JTAG ports. eFUSE programming can be done only via JTAG. The following table lists eFUSE-related JTAG instructions.
| JTAG Instruction | Code | Action |
|---|---|---|
| FUSE_RSA |
011000
|
Selects the FUSE_RSA register |
| FUSE_KEY |
110001
|
Selects the FUSE_KEY register |
| FUSE_DNA |
110010
|
Selects the FUSE_DNA register |
| FUSE_USER |
110011
|
Selects the FUSE_USER register |
| FUSE_USER_128 |
011001
|
Selects the FUSE_USER_128 register |
| FUSE_CNTL |
110100
|
Selects the FUSE_CNTL register |
| FUSE_SEC |
111011
|
Selects the FUSE_SEC register |
The FUSE_CNTL and FUSE_SEC control registers are described in the following two tables. All register bits are defined by an eFUSE and therefore each selection is permanent.
| Bit Position | Name | Description |
|---|---|---|
| 0 | R_DIS_KEY | When programmed to 1, this bit disables the programming of the FUSE_KEY (AES encryption key) register through the JTAG interface and this bit disables the CRC check that verifies the AES encryption key. |
| 1 | R_DIS_USER | When programmed to 1, this bit disables the reading of the FUSE_USER user code register through the JTAG interface, but does not disable reading the user code through the EFUSE_USR primitive. |
| 2 | R_DIS_SEC | When programmed to 1, this bit disables reading of the FUSE_SEC security setting register through the JTAG interface. |
| 3–4 | Reserved | Reserved |
| 5 | W_DIS_CNTL | When programmed to 1, this bit disables programming of the FUSE_CNTL register through the JTAG interface. |
| 6 | R_DIS_RSA | When programmed to 1, this bit disables reading of the authentication key FUSE_RSA register through the JTAG interface. |
| 7 | W_DIS_KEY | When programmed to 1, this bit disables programming of the FUSE_KEY AES encryption key register through the JTAG interface and disables the CRC check that verifies the AES encryption key. |
| 8 | W_DIS_USER | When programmed to 1, this bit disables programming of the FUSE_USER user code register through the JTAG interface. |
| 9 | W_DIS_SEC | When programmed to 1, this bit disables programming of the FUSE_SEC register through the JTAG interface. |
| 10–14 | Reserved | Reserved |
| 15 | W_DIS_RSA | When programmed to 1, this bit disables programming of FUSE_RSA authentication key register through the JTAG interface. |
| 16 | W_DIS_USER_128 | When programmed to 1, this bit disables programming of FUSE_USER_128 user code register through the JTAG interface. |
| 17–23 | Reserved | Reserved UltraScale bits extend through bit 20 and reserved UltraScale+ bits extend through bit 23. |
| Bit Position | Name | Description | RMA Impact |
|---|---|---|---|
| 0 | FUSE_SHAD_SEC[0] | Only allow encrypted bitstreams. | RMA not accepted 1 |
| 1 | FUSE_SHAD_SEC[1] | For encrypted bitstreams, force use of AES key stored in eFUSE. When this bit is NOT programmed, encryption and the key source can be selected via bitstream options - the FPGA can be configured using an unencrypted bitstream, or a bitstream encrypted with a key value stored in battery-backed RAM or eFUSE. | - |
| 2 | RSA_AUTH | Forces RSA authentication. | RMA not accepted 1 |
| 3 | FUSE_SHAD_SEC[3] | Disables external JTAG pins. | RMA analysis limited 2 |
| 4 | SCAN_DISABLE | Disables AMD test access. | RMA analysis limited 2 |
| 5 | CRYPT_DISABLE | Disables decryptor. | - |
| 6 | FUSE_BKS_ENABLE | Enable key obfuscation. | - |
| 7–31 | Reserved | Reserve. | - |
|
|||
Tip:
Zynq UltraScale+ devices have
distinct eFUSE registers unlike the UltraScale architecture FPGA eFUSE
registers. The UltraScale architecture FPGA eFUSE registers are not
supported in Zynq UltraScale+ devices. For Zynq UltraScale+ device eFUSE registers, see the
Zynq UltraScale+ Device Technical Reference Manual (UG1085).