On initial device power up, when the PS PS_POR_B de-asserts within a certain timing window in relationship to power up of the last PL power supply (VCCINT, VCCBRAM, VCCAUX or VCCO_0), the device can enter Secure Lockdown state and will prevent boot from completing per the lockdown specification.
This window is defined as a minimum and maximum time relative to the last PL power supply ramp:
Tslw (min) = Time from last PL power supply reaching 250mv to start of Secure Lockdown Window
Tslw (max) = Time from last PL power supply reaching 250mv to end of Secure Lockdown Window
How do I evaluate if my system is impacted?
Tests 1 and 2 below can be performed on design specifications or optionally on hardware to evaluate if a specific system is impacted.
Important Test Assumptions: eFuse for 128K CRC is not enabled AND PLLs are not bypassed.
Steps for hardware testing:
- Identify probe points for PS_POR_B, VCCINT (PL), VCCAUX (PL), VCCBRAM, VCCO_0 (PL).
- For PL supply, identify the probe points near to the die, typically on the supply bypass capacitor.
- Use an oscilloscope to measure the relative time between the signals for Test 1 and Test 2.
In the "Possible Risk" scenario, the power up sequence and de-assertion timing of PS_POR_B must be analyzed to determine if it falls within the Secure Lockdown timing window (Tslw).
The Tslw min/max values are dependent on several system level factors (Zynq-7000 AP SoC Device, PS_CLK frequency, and PL power supply ramp time).
A Power Up Timing Spreadsheet Calculator has been created to determine this range based on the values from the customers system. This spreadsheet is attached.
As an example, a 7Z020 device with a 33.33 MHz PS_CLK and a 6ms PL power supply ramp time has a Secure Lockdown timing window (Tslw) of 13.45ms to 38.99ms after the last PL power supply started to ramp.
If PS_POR_B is de-asserted during this window, the device can enter Secure Lockdown state.
If PS_POR_B is de-asserted either before or after this window, the device is not exposed this behavior.
How to confirm that boot did not complete because of this event?
All of the following specific symptoms need to be present to confirm this issue is the root cause:
- If you do an initial power-up AND
- If you see a hang during boot AND
- If you do not see an access to your boot device AND
- If you see the PL JTAG TAP in the JTAG chain AND
- If you do not see the PS JTAG TAP in the JTAG chain AND
- INIT_B goes HIGH and stays HIGH after secure lockdown AND7. If PS_POR_B de-assertion falls inside the Secure Lockdown window
What solutions are available?
Xilinx has created multiple solutions to avoid the Secure Lockdown Window.
The solutions have been classified into the following categories.
IMPORTANT: Contact your local Xilinx FAE or open a Service Request for further assistance.
- Change timing relationship between last PL power ramp and PS_POR_B using PCB level circuits (Preferred Solution)
- Change PS BootROM code execution time (*) to shift the window by
- enabling 128K CRC check by burning a PS eFuse bitor
- enabling PLL Bypass (**)
Please, open a Service Request with "Secure Lockdown Window" in the title ONLY after collecting the following:
- Results of the attached spreadsheet analysis (a snapshot of the timing in the spreadsheet)
- Scope-shots of PS_POR_B, VCCINT (PL), VCCAUX (PL), VCCBRAM, VCCO_0 (PL) and INIT_B (the time relationship between the signals is required)
(*): Changing the PS BootROM code execution time in systems that have stringent startup timing may not be desirable.