UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 50324

iMPACT 13.x/14.x, Spartan-6 - Efuse AES key programming fails verify

Description

If programming Spartan-6 Efuse AES key bits using iMPACT, the operation fails with a Verify error and messages similar to the following:

'1': Reading AES Key register using default margin, fuse 1 OR'ed with fuse2...
'1': Verifying AES Key register using default margin, fuse 1 OR'ed with fuse2...
'1': Reading AES Key register using default margin, fuse 1 only...
'1': Verifying AES Key register using default margin, fuse 1 only...
'1': Reading AES Key register using default margin, fuse 2 only...
'1': Verifying AES Key register using default margin, fuse 2 only...
'1': Reading AES Key register using margin read, fuse 1 only...
'1': Verifying AES Key register using margin read, fuse 1 only...
'1': Data to be programmed for AES Key = <my key>
'1': Actual programmed data read from AES Key = <my key, but with one bit reversed>
'1': Verify failed.

Has the AES key been incorrectly programmed? Can I use the device?

Solution

This issue is caused by an incorrect margin read of the AES Efuse key. As there is margin built into iMPACT, the key has been programmed correctly in all cases seen to date. This means that programming a bitstream encrypted with the key should program the device correctly. In the case where the key is programmed correctly, programming a bitstream encrypted with this key should program the device.

A security concern is that the remaining eFUSE bits programmed during this operation will not be programmed. This includes the Key Security bits in the FUSE_CNTL register. This means that immediately after the Verify operation fails, the AES key programmed will be readable over JTAG. To ensure that the key is secure, you must then program the FUSE_CNTL register with your required values, including the Key Security bit.

This issue will be resolved in iMPACT 14.3.

Linked Answer Records

Master Answer Records

Answer Number Answer Title Version Found Version Resolved
47890 14.x iMPACT - Known Issues for the iMPACT 14.x tools N/A N/A
AR# 50324
Date Created 06/06/2012
Last Updated 10/05/2012
Status Active
Type General Article
Devices
  • Spartan-6
Tools
  • ISE Design Suite - 14
  • ISE Design Suite - 13