Intel® Arria® 10 Hard Processor System Technical Reference Manual

ID 683711
Date 1/10/2023
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

7.1.3.1.1. Secure Fuses

During initialization of the device, the Configuration Subsystem (CSS) sends the value of the HPS secure fuses to the HPS and holds a copy of the FPGA secure fuses. The HPS and FPGA each hold their own fuse values. However, a copy of these fuse values is held in the HPS_fusesec and fpga_fusesec registers within the Security Manager.

The following table details the HPS security fuse bits sent by the CSS to the Security Manager and contained within the HPS_fusesec register. A "blown" fuse state is represented by a 1 in the HPS_fusesec register and a "not blown" fuse state is represented by a 0.

Table 31.   HPS_fusesec Register Description

Bits

Name

Description

31:27 Reserved

Bit values in this field are undefined.

26:23 csel_f

This field indicates the value of the clock select fuses that are available for configuring the clock for the boot interface and for the PLLs. Refer to the Clock Configuration section for more information on CSEL encodings.

22 dbg_access_f This fuse determines the initial state of the debug access domains.
21 dbg_lock_JTAG This field indicates if the HPS JTAG access level can be changed through software when the HPS is released from reset.
  • 0x0= HPS JTAG access level can be changed through the sec_jtagdbg register.
  • 0x1= HPS JTAG access level cannot be changed (locked).
20 dbg_lock_DAP This field indicates if the DAP access level can be changed through software when the HPS is released from reset.
  • 0x0= The DAP access level can be changed through the sec_dapdbg register.
  • 0x1= The DAP access level cannot be changed (locked).
19 dbg_lock_CPU0 This field indicates if the CPU0 debug access level can be changed through software when the HPS is released from reset.
  • 0x0= CPU0 debug access level can be changed through the sec_cpu0dbg register.
  • 0x1= CPU0 debug access level cannot be changed (locked).
18 dbg_lock_CPU1 This field indicates if the CPU1 debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The CPU1 debug access level can be changed through the sec_cpu1dbg register.
  • 0x1= The CPU1 debug access level cannot be changed (locked).
17 dbg_lock_CS This field indicates if the CoreSight debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The CoreSight debug access level can be changed through the sec_csdbg register.
  • 0x1= The CoreSight debug access level cannot be changed (locked).
16 dbg_lock_FPGA This field indicates if the FPGA debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The FPGA debug access level can be changed through the sec_fpgadbg register.
  • 0x1= The FPGA debug access level cannot be changed (locked).
15:12 Reserved

Bit values in this field are undefined.

11 clr_ram_order_f

This fuse value determines how RAMs are cleared during a tamper event.

  • 0x0= All RAMs are cleared in parallel.
  • 0x1= All RAMs are cleared in series.
10 clr_ram_cold_f

This fuse value indicates what happens to the RAM on a cold reset.

  • 0x0= All RAMs are not cleared on a cold reset.
  • 0x1= All RAMs are cleared on a cold reset.
9 clr_ram_warm_f

This fuse value indicates what happens to the RAMs on a warm reset.

  • 0x0= All RAMs are not cleared on a warm reset.
  • 0x1= All RAMs are cleared on a warm reset.
8 oc_boot_f

This fuse value determines if the second-stage boot code is allowed to boot from on-chip RAM.

  • 0x0= Second-stage boot can be from on-chip RAM if enabled by the System Manager.
  • 0x1= Second-stage boot is not from on-chip RAM.
7 hps_clk_f

This fuse value selects the clock used for the boot process and in the case of a tamper event, memory scrambling.

  • 0x0= The external oscillator, HPS_CLK1, is used for boot.
  • 0x1= The internal oscillator, cb_intosc_ls_clk, is used for boot.
6 fpga_boot_f

If blown, this fuse value allows the FPGA to configure independently and allows the HPS to boot from an encrypted next-stage boot source that was decrypted into the FPGA.

  • 0x0= Booting is dependent on the BSEL pins.
  • 0x1= HPS only boots from the FPGA; BSEL options are ignored and CSEL fuse options are ignored.
5 aes_en_f

This fuse value indicates if a decryption of the flash image is always performed.

  • 0x0= An AES decryption of the flash image is determined from the second stage boot loader header.
  • 0x1= An AES decryption of the flash image is always performed.
4:2 kak_src_f

This bit field indicates the source of the Key Authorization Key (KAK) which can be in:

  • Proprietary ROM
  • FPGA logic elements
  • User fuses
1 kak_len_f

This fuse value indicates the Key Authorization Key (KAK) length:

  • 0x0= 256 bits
  • 0x1= 384 bits
0 authen_en_f

This fuse value determines whether authentication of flash images is required prior to execution.

  • 0x0= No authentication of the flash image is required prior to execution.
  • 0x1= HPS authentication of all flash images is required prior to execution.

At initialization, the FPGA also receives fuse information that is pertinent to its configuration. The HPS can read this information through a secure serial interface, which shifts the FPGA fuse values into the fpga_fusesec register in the Security Manager. The CSS shifts in a 32-bit value although some of the bits are considered reserved.