Intel® Arria® 10 Hard Processor System Technical Reference Manual

ID 683711
Date 8/28/2023
Public
Document Table of Contents

A.4.3.2. Boot Fuses

During boot ROM execution, the boot ROM reads user-programmed fuses that configure the boot state of the HPS.

These fuse values are read by the Configuration Subsystem (CSS) after power-up and to the Security Manager where they are read by the boot ROM. The following list describes the basic fuses that affect the state of the HPS:
  • Clock select fuses: Determine the clock frequencies of the MPU clock, the interconnect clocks and the peripheral clocks.
  • Debug fuses: Determine the state of debug during the boot process and during hand-off to the second-stage boot loader.
  • RAM fuses: Determine whether or not the various peripheral RAMs are cleared during a warm reset and how they are cleared (series or parallel).
  • Boot fuses: Determines whether the second-stage boot loader is from on-chip RAM, whether an internal or external clock is used for booting and whether the boot source is solely from FPGA.
  • Security fuses: Determines whether the second-stage boot loader is authenticated or decrypted. If authentication is used, then there are fuses that are read by the boot ROM to determine where the key authorization key (KAK) resides and what its length is.
  • User fuses: The user fuses may either hold proprietary user information or may hold the value of the KAK.
Table 312.   HPS_fusesec Register Description

Bits

Name

Description

31:27 Reserved

Bit values in this field are undefined.

26:23 csel_f

This field indicates the value of the clock select fuses that are available for configuring the clock for the boot interface and for the PLLs. Refer to the Clock Configuration section for more information on CSEL encodings.

22 dbg_access_f This fuse determines the initial state of the debug access domains.
21 dbg_lock_JTAG This field indicates if the HPS JTAG access level can be changed through software when the HPS is released from reset.
  • 0x0= HPS JTAG access level can be changed through the sec_jtagdbg register.
  • 0x1= HPS JTAG access level cannot be changed (locked).
20 dbg_lock_DAP This field indicates if the DAP access level can be changed through software when the HPS is released from reset.
  • 0x0= The DAP access level can be changed through the sec_dapdbg register.
  • 0x1= The DAP access level cannot be changed (locked).
19 dbg_lock_CPU0 This field indicates if the CPU0 debug access level can be changed through software when the HPS is released from reset.
  • 0x0= CPU0 debug access level can be changed through the sec_cpu0dbg register.
  • 0x1= CPU0 debug access level cannot be changed (locked).
18 dbg_lock_CPU1 This field indicates if the CPU1 debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The CPU1 debug access level can be changed through the sec_cpu1dbg register.
  • 0x1= The CPU1 debug access level cannot be changed (locked).
17 dbg_lock_CS This field indicates if the CoreSight debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The CoreSight debug access level can be changed through the sec_csdbg register.
  • 0x1= The CoreSight debug access level cannot be changed (locked).
16 dbg_lock_FPGA This field indicates if the FPGA debug access level can be changed through software when the HPS is released from reset.
  • 0x0= The FPGA debug access level can be changed through the sec_fpgadbg register.
  • 0x1= The FPGA debug access level cannot be changed (locked).
15:12 Reserved

Bit values in this field are undefined.

11 clr_ram_order_f

This fuse value determines how RAMs are cleared during a tamper event.

  • 0x0= All RAMs are cleared in parallel.
  • 0x1= All RAMs are cleared in series.
10 clr_ram_cold_f

This fuse value indicates what happens to the RAM on a cold reset.

  • 0x0= All RAMs are not cleared on a cold reset.
  • 0x1= All RAMs are cleared on a cold reset.
9 clr_ram_warm_f

This fuse value indicates what happens to the RAMs on a warm reset.

  • 0x0= All RAMs are not cleared on a warm reset.
  • 0x1= All RAMs are cleared on a warm reset.
8 oc_boot_f

This fuse value determines if the second-stage boot code is allowed to boot from on-chip RAM.

  • 0x0= Second-stage boot can be from on-chip RAM if enabled by the System Manager.
  • 0x1= Second-stage boot is not from on-chip RAM.
7 hps_clk_f

This fuse value selects the clock used for the boot process and in the case of a tamper event, memory scrambling.

  • 0x0= The external oscillator, HPS_CLK1, is used for boot.
  • 0x1= The internal oscillator, cb_intosc_ls_clk, is used for boot.
6 fpga_boot_f

If blown, this fuse value allows the FPGA to configure independently and allows the HPS to boot from an encrypted next-stage boot source that was decrypted into the FPGA.

  • 0x0= Booting is dependent on the BSEL pins.
  • 0x1= HPS only boots from the FPGA; BSEL options are ignored and CSEL fuse options are ignored.
5 aes_en_f

This fuse value indicates if a decryption of the flash image is always performed.

  • 0x0= An AES decryption of the flash image is determined from the second stage boot loader header.
  • 0x1= An AES decryption of the flash image is always performed.
4:2 kak_src_f

This bit field indicates the source of the Key Authorization Key (KAK) which can be in:

  • Proprietary ROM
  • FPGA logic elements
  • User fuses
1 kak_len_f

This fuse value indicates the Key Authorization Key (KAK) length:

  • 0x0= 256 bits
  • 0x1= 384 bits
0 authen_en_f

This fuse value determines whether authentication of flash images is required prior to execution.

  • 0x0= No authentication of the flash image is required prior to execution.
  • 0x1= HPS authentication of all flash images is required prior to execution.

For more information about the fuses and how they work, refer to the SoC Security chapter.