AR# 68832

Description

Summary:

This Design Advisory Answer Record covers UltraScale FPGA, UltraScale+ FPGA, and Zynq UltraScale+ MPSoC eFUSE programming recommendations and known issues with Vivado 2016.4 and earlier. 

All known issues, if encountered, would result in an immediate error that prevents eFUSE programming or immediate encrypted/signed boot/configuration image failure.

Important:

• For UltraScale architecture SSI FPGAs, do NOT use Vivado 2016.4 or earlier to program the eFUSE Control Register R_DIS_SEC or R_DIS_RSA options without a patch. See Issue 1 in the Solution section below for a list of affected SSI devices and work-arounds.
• For UltraScale+ MPSoCs, do NOT use Vivado 2016.4 or earlier to program PS eFUSE or PS BBRAM. See general recommendations for Zynq UltraScale+ MPSoC PS eFUSE and PS BBRAM programming, below.

Impact to existing eFUSE programming projects or previously programmed devices:

NONE. Pre-existing projects that have been successfully programmed using an eFUSE programming methodology are not affected. 

However, if changes are made to the eFUSE settings or procedure in an existing project, review the known issues or apply the general recommendations to ensure success with the new settings or new procedure.

General Recommendations for NEW UltraScale FPGA and UltraScale+ FPGA eFUSE programming projects:

To ensure first time eFUSE programming success, apply the following for new eFUSE programming projects.

• Recommended: Set the FPGA configuration mode pins to the JTAG only setting during eFUSE programming, if the board design allows.
• Required: Use separate eFUSE programming operations, i.e. separate passes through the Program eFUSE GUI wizard or separate Tcl commands, to program applicable eFUSE values and options in the following order:
  
  1. Program eFUSE operation pass #1: Program NKY values (AES, RSA) and FUSE_USER values
  2. Program eFUSE operation pass #2: (If Applicable) Program the Security Register (FUSE_SEC) options, except for JTAG disable.
  3. Program eFUSE operation pass #3: (If Applicable) Program the Control Register (FUSE_CNTL) options, except for the W_DIS_CNTL (write-disable control register).
     Note: If you need to program the Security Register JTAG Disable option in the final step (5), do not program the Control Register W_DIS_SEC option.
  4. Program eFUSE operation pass #4: (If Applicable) Program the Control Register W_DIS_CNTL (write-disable FUSE_CNTL register. See (UG908).)
  5. Last program eFUSE operation pass: (If Applicable) Program the Security Register JTAG Disable (See UG908.)

• Recommended: For the first programmed device, validate the eFUSE results after each of the above steps, and then re-validate the eFUSE results after completing all steps to ensure that the final results from a complete eFUSE programming procedure is as expected.
• If AES and/or RSA values are programmed, then validate that the device loads an AES-encrypted and/or RSA-signed bitstream successfully
• If FUSE_USER value is programmed, then validate that you read the correct JTAG FUSE_USER and/or EFUSE_USER primitive value.
• If FUSE_SEC settings are programmed, then validate the correct device behavior for the chosen settings.
• If FUSE_CNTL settings are programmed, then check the resulting REGISTERS.EFUSE.FUSE_CNTL value in Vivado to verify the settings, and check that the read-protected REGISTER.EFUSE.* registers in Vivado do not show your actual values.
  Note: It is expected that Vivado will show some FUSE_CNTL reserved bit locations which are previously programmed to '1' by the Xilinx factory.
• Verify that you can, or cannot, access the device JTAG, depending on your choice for step 5.

 Refer to the following documents for instructions regarding Vivado tool programming operations for UltraScale architecture FPGAs:

• Vivado Design Suite User Guide: Programming and Debugging (UG908)
• Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream Application Note (XAPP1267).

General Recommendations for Zynq UltraScale+ MPSoC PS eFUSE and PS BBRAM programming:

Use the SDK LibXil SKey library to program PS eFUSE and PS BBRAM in Zynq UltraScale+ MPSoC devices. See (UG1191) within the OS and Libraries Document Collection (UG643).

Solution

Note: All Known Issues listed below are fixed in the 2017.1 Vivado Release.

Known Issues UltraScale Architecture eFUSE programming with for Vivado 2016.4 (and earlier):

Issue 1: 

Vivado 2016.4 (and earlier) can program unintended eFUSE bits when programming an SSI FPGA with the following eFUSE Control Register read-disable settings: R_DIS_SEC or R_DIS_RSA. 

The unintended result for each setting can respectively be: JTAG is permanently disabled via an unintended FUSE_SEC[3] eFUSE setting or an RSA-signed bitstream load results in an authentication error due to an unintended incorrect RSA hash value.

SSI FPGAs include: 

• KU085
• KU115
• VU125
• VU160
• VU190
• VU440
• VU5P
• VU7P
• VU9P
• VU11P
• VU13P

Work-arounds:

In Vivado 2016.4 and earlier, do not program R_DIS_SEC or R_DIS_RSA bits in the eFUSE Control Register (FUSE_CNTL); Alternatively, use the patch attached to this DAAR with Vivado 2016.4 to program R_DIS_SEC and/or R_DIS_RSA.

Issue 2: 

Vivado 2016.4 (and earlier) does not program the eFUSE Security Register bit that enables use of an obfuscated AES key. 

If the BITSTREAM.ENCRYPTION.OBFUSCATEKEY property is enabled to generate an obfuscated AES key and the resulting NKY file is given to Vivado for programming, Vivado programs the obfuscated key but does not program the required eFUSE option (FUSE_SEC[6]) to enable the obfuscated key.

The result is that a bitstream encrypted with the obfuscated key flow does not configure the FPGA.

Work-arounds:

• In Vivado 2016.4 and earlier, do not use the obfuscated key.
• Alternatively, for a monolithic FPGA, use the following Tcl command to program FUSE_SEC[6]:, where $deviceIdx is the index of the target device in the JTAG scan chain.

program_hw_devices -security_efuse {40} [lindex [get_hw_devices] $deviceIdx]

Issue 3:

In the Vivado 2016.4 GUI, the Program eFUSE Register wizard reports an error that the FUSE_CNTL[5] (W_DIS_CNTL, write-disable FUSE_CNTL register) is already set when you attempt to select the Control Register options to program, even though the W_DIS_CNTL bit has not actually been programmed. 

The result is that the GUI does not allow you to program the eFUSE Control Register (FUSE_CNTL) settings.

Work-arounds:

Use the program_hw_devices Tcl command instead of the GUI flow to program FUSE_CNTL bits. 

Note: For FUSE_CNTL R_DIS_SEC or R_DIS_RSA, see also Issue 1.

Issue 4:

In the Vivado 2016.4 GUI, an internal exception error occurs when entering the Program eFUSE Registers wizard to program additional eFUSE fields after some eFUSE bits in the FUSE_CNTL or FUSE_USER register have already been programmed. 

The result is that the GUI does not allow you to program additional eFUSE Control Register (FUSE_CNTL) or additional FUSE_USER bits.

Work-arounds:

In Vivado 2016.4 and earlier, use the program_hw_devices Tcl command instead of the GUI flow for programming additional eFUSE bit values/options into a device where some FUSE_CNTL or FUSE_USER bits have already been programmed.

Issue 5: 

Vivado 2016.4 (and earlier) allows you to invoke the Program eFUSE Registers operation for a Zynq UltraScale+ MPSoC, but this operation does not program the PS eFUSE described in the Zynq UltraScale+ MPSoC Technical Reference Manual (UG1085). 

With certain security register settings, the use of the Program eFUSE Registers operation on an MPSoC device can result in a device that cannot load a standard PL bitstream.

Recommendation: 

Use the SDK LibXil SKey library to program PS eFUSE and PS BBRAM in Zynq UltraScale+ MPSoC devices. See (UG1191) within the OS and Libraries Document Collection (UG643).

For all other eFUSE programming issues with Vivado 2016.4 or earlier, review the Support Knowledge Base for additional issues or create a Support Service Request.

Patch for Vivado design tools 2016.4

Example Vivado UltraScale eFUSE Programming Script:

Attached to this Design Advisory Answer Record is an example script that demonstrates the recommended programming order of the eFuse settings in an UltraScale, UltraScale+ FPGA.

Attachments

Associated Attachments