UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 63206

7 Series FPGAs: How do I program 7 series eFUSEs with Vivado Tcl?

Description

The Vivado GUI support the programming of 7 series eFUSEs.

Is it possible to program 7 series eFUSEs using Vivado Tcl?

Solution

Below are the Vivado TCL commands for programming the 7 series eFUSEs:

  • FUSE_KEY and FUSE_USER
  • FUSE_CNTL

 

Programming the 256-bit FUSE_KEY and 32-bit FUSE_USER:

The 256-bit AES key should be in the Vivado generated NKY file and assigned to the hw_device as shown in the create_hw_bitstream call below. 

The FUSE_KEY and FUSE_USER (32-bit FUSE_USER is specified in hex) are programmed as shown below:

create_hw_bitstream -hw_device [lindex [get_hw_devices] 0] -nky {ky_8led_bbr_key_aa00bb11cc22dd33ee44ff88.nky}
program_hw_devices -key {efuse} -user_efuse {EEDDCC45}  [lindex [get_hw_devices] 0]

Note that after programming the FUSE_KEY and FUSE_USER, further programming attempts will be blocked.

 

To read the programmed FUSE_USER, type:

get_property REGISTER.EFUSE.FUSE_USER [current_hw_device]

 

For security reasons, there is no Vivado Tcl command to read the 7 series AES key.

 

Programming the FUSE_CNTL bits:

 The FUSE_CNTL bits can be programmed after programming the FUSE_KEY and FUSE_USER registers. 

The following screen capture shows the different FUSE_CNTL bits available.

 

image2.jpg

 

To disable reading of the AES key, assign a hex value that corresponds to bit 3 being set as shown below:

program_hw_devices -control_efuse {08} [lindex [get_hw_devices] 0]

 

To read the programmed FUSE_CNTL, use the following command::

get_property REGISTER.EFUSE.FUSE_CNTL [current_hw_device]

 

Note that successive programming attempts are allowed to the FUSE_CNTL register to make the device more secure. 

For example, the previous FUSE_CNTL programming operation disabled the reading of the AES_FUSE_KEY. 

To disable reading of the FUSE_USER code, another FUSE_CNTL program operation is allowed. 

Make sure to specify the bits that were already set along with the new bit(s) to be set.

 

image3.jpg



 

For example, specify the hex value 0x06 which has bit 4 and the previously specified bit 3 set when programming FUSE_CNTL:

program_hw_devices -control_efuse {18} [lindex [get_hw_devices] 0]

 

To verify FUSE_KEY:

create_hw_bitstream -hw_device [lindex [get_hw_devices] 0] -nky {test.nky}
verify_hw_devices -key {efuse} [current_hw_device]

 

To verify FUSE_USER:

verify_hw_devices -user_efuse {56ab7847}

 

To verify FUSE_CNTL:

verify_hw_devices control_efuse {1b}

 

The get_property command can be used to read the FUSE_USER and FUSE_CNTL. 

The FUSE_KEY cannot be read back.

AR# 63206
Date Created 12/19/2014
Last Updated 03/03/2015
Status Active
Type General Article
Tools
  • Vivado Design Suite - 2014.4