Summary:
This Design Advisory Answer Record covers UltraScale FPGA, UltraScale+ FPGA, and Zynq UltraScale+ MPSoC eFUSE programming recommendations and known issues with Vivado 2016.4 and earlier.
All known issues, if encountered, would result in an immediate error that prevents eFUSE programming or immediate encrypted/signed boot/configuration image failure.
Important:
Impact to existing eFUSE programming projects or previously programmed devices:
NONE. Pre-existing projects that have been successfully programmed using an eFUSE programming methodology are not affected.
However, if changes are made to the eFUSE settings or procedure in an existing project, review the known issues or apply the general recommendations to ensure success with the new settings or new procedure.
General Recommendations for NEW UltraScale FPGA and UltraScale+ FPGA eFUSE programming projects:
To ensure first time eFUSE programming success, apply the following for new eFUSE programming projects.
Refer to the following documents for instructions regarding Vivado tool programming operations for UltraScale architecture FPGAs:
General Recommendations for Zynq UltraScale+ MPSoC PS eFUSE and PS BBRAM programming:
Use the SDK LibXil SKey library to program PS eFUSE and PS BBRAM in Zynq UltraScale+ MPSoC devices. See (UG1191) within the OS and Libraries Document Collection (UG643).
Note: All Known Issues listed below are fixed in the 2017.1 Vivado Release.
Known Issues UltraScale Architecture eFUSE programming with for Vivado 2016.4 (and earlier):
Issue 1:
Vivado 2016.4 (and earlier) can program unintended eFUSE bits when programming an SSI FPGA with the following eFUSE Control Register read-disable settings: R_DIS_SEC or R_DIS_RSA.
The unintended result for each setting can respectively be: JTAG is permanently disabled via an unintended FUSE_SEC[3] eFUSE setting or an RSA-signed bitstream load results in an authentication error due to an unintended incorrect RSA hash value.
SSI FPGAs include:
Work-arounds:
In Vivado 2016.4 and earlier, do not program R_DIS_SEC or R_DIS_RSA bits in the eFUSE Control Register (FUSE_CNTL); Alternatively, use the patch attached to this DAAR with Vivado 2016.4 to program R_DIS_SEC and/or R_DIS_RSA.
Issue 2:
Vivado 2016.4 (and earlier) does not program the eFUSE Security Register bit that enables use of an obfuscated AES key.
If the BITSTREAM.ENCRYPTION.OBFUSCATEKEY property is enabled to generate an obfuscated AES key and the resulting NKY file is given to Vivado for programming, Vivado programs the obfuscated key but does not program the required eFUSE option (FUSE_SEC[6]) to enable the obfuscated key.
The result is that a bitstream encrypted with the obfuscated key flow does not configure the FPGA.
Work-arounds:
program_hw_devices -security_efuse {40} [lindex [get_hw_devices] $deviceIdx]
Issue 3:
In the Vivado 2016.4 GUI, the Program eFUSE Register wizard reports an error that the FUSE_CNTL[5] (W_DIS_CNTL, write-disable FUSE_CNTL register) is already set when you attempt to select the Control Register options to program, even though the W_DIS_CNTL bit has not actually been programmed.
The result is that the GUI does not allow you to program the eFUSE Control Register (FUSE_CNTL) settings.
Work-arounds:
Use the program_hw_devices Tcl command instead of the GUI flow to program FUSE_CNTL bits.
Note: For FUSE_CNTL R_DIS_SEC or R_DIS_RSA, see also Issue 1.
Issue 4:
In the Vivado 2016.4 GUI, an internal exception error occurs when entering the Program eFUSE Registers wizard to program additional eFUSE fields after some eFUSE bits in the FUSE_CNTL or FUSE_USER register have already been programmed.
The result is that the GUI does not allow you to program additional eFUSE Control Register (FUSE_CNTL) or additional FUSE_USER bits.
Work-arounds:
In Vivado 2016.4 and earlier, use the program_hw_devices Tcl command instead of the GUI flow for programming additional eFUSE bit values/options into a device where some FUSE_CNTL or FUSE_USER bits have already been programmed.
Issue 5:
Vivado 2016.4 (and earlier) allows you to invoke the Program eFUSE Registers operation for a Zynq UltraScale+ MPSoC, but this operation does not program the PS eFUSE described in the Zynq UltraScale+ MPSoC Technical Reference Manual (UG1085).
With certain security register settings, the use of the Program eFUSE Registers operation on an MPSoC device can result in a device that cannot load a standard PL bitstream.
Recommendation:
Use the SDK LibXil SKey library to program PS eFUSE and PS BBRAM in Zynq UltraScale+ MPSoC devices. See (UG1191) within the OS and Libraries Document Collection (UG643).
For all other eFUSE programming issues with Vivado 2016.4 or earlier, review the Support Knowledge Base for additional issues or create a Support Service Request.
Patch for Vivado design tools 2016.4
Please refer to the Installation/Use section in the README (AR68832_vivado_2016.4_rev3.txt) included with the patch.Example Vivado UltraScale eFUSE Programming Script:
Attached to this Design Advisory Answer Record is an example script that demonstrates the recommended programming order of the eFuse settings in an UltraScale, UltraScale+ FPGA.
Name | File Size | File Type |
---|---|---|
AR68832_vivado_2016_4_rev3.zip | 11 MB | ZIP |
vivado_ultrascale_efuse_programming_sequence.txt | 6 KB | TXT |