To access efuse memory, PMUFW should be built by enabling ENABLE_EFUSE_ACCESS in xpfw_config.h and the respective eFuse classification macro to access read/write. By default this is disabled. But revision at offset 0x0 is enabled by default. Once booted into Linux, to read/write particular field please do read/write from/to "/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem" to the particular offset with the corresponding size.
Following are the respective eFuse classification macro to access read/write
- To access User0 to User7 (Offset 0x20 to 0x3C) efuse register, PMUFW should be built by defining XSK_ACCESS_USER_EFUSE as well in " lib/sw_services/xilskey/include/xilskey_eps_zynqmp.h".
- To access SPK ID, AES KEY, PPK0 hash and PPK1 hash efuse register, PMUFW should be built by defining XSK_ACCESS_KEY_MANAGE_EFUSE as well in " lib/sw_services/xilskey/include/xilskey_eps_zynqmp.h".
The following table gives the overview of possible addresses for read/write and with the sizes.
| Register | Read | Write | Size in bytes | Offset is |
|---|---|---|---|---|
| Version | YES | NO | 0x0 | 0x4 |
| DNA | YES | NO | 0xc | 0xC |
| User0 | YES | YES | 0x4 | 0x20 |
| User1 | YES | YES | 0x4 | 0x24 |
| User2 | YES | YES | 0x4 | 0x28 |
| User3 | YES | YES | 0x4 | 0x2c |
| User4 | YES | YES | 0x4 | 0x30 |
| User5 | YES | YES | 0x4 | 0x34 |
| User6 | YES | YES | 0x4 | 0x38 |
| User7 | YES | YES | 0x4 | 0x3C |
| Misc user | YES | YES | 0x4 | 0x40 |
| Secure control | YES | YES | 0x4 | 0x58 |
| SPK ID | YES | YES | 0x4 | 0x5C |
| AES key | NO | YES | 0x20 | 0x60 |
| PPK0 hash | YES | YES | 0x30 | 0xA0 |
| PPK1 hash | YES | YES | 0x30 | 0xD0 |
Reading/writing unrestricted number of bytes results into an error.
Restricted bits from programming :
Secure Control eFuses :
- RSA_EN (BITS - [25:11])
- DFT_DIS (BIT-6 )
- JTAG_DIS (BIT-5)
- ENC_ONLY (BIT - 2)
Misc User Control eFuses :
- LBIST_EN (BIT - 10)
Expected Output
For Version reading: offset is 0x0 and bytes are 4 ########## For Silicon 1.0 ############ root@plnx_aarch64:~# dd if=/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem of=/tmp/version.bin bs=4 count=1 root@plnx_aarch64:~# hexdump -v /tmp/version.bin 0000000 0000 0000001 ########## For Silicon 2.0 ############ root@plnx_aarch64:~# dd if=/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem of=/tmp/version.bin bs=4 count=1 root@plnx_aarch64:~# hexdump -v /tmp/version.bin 0000000 0001 0000001 ########## For Silicon 3.0 ############ root@plnx_aarch64:~# dd if=/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem of=/tmp/version.bin bs=4 count=1 root@plnx_aarch64:~# hexdump -v /tmp/version.bin 0000000 0002 0000001 ########## For Silicon 4.0 ############ root@plnx_aarch64:~# dd if=/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem of=/tmp/version.bin bs=4 count=1 root@plnx_aarch64:~# hexdump -v /tmp/version.bin 0000000 0003 0000001 EFUSE access To read user fuse 7 root@xilinx-zcu102-2018_3:/mnt# dd if=/sys/bus/nvmem/devices/zynqmp-nvmem0/nvmem of=/tmp/userfuse.bin bs=4 count=1 skip=15 1+0 records in 1+0 records out root@xilinx-zcu102-2018_3:/mnt# hexdump -v /tmp/userfuse.bin 0000000 0000 af00 0000004
| Register | Size in bytes(hex) | Offset (hex) | bs(dec) | count(dec) | skip(dec) |
|---|---|---|---|---|---|
| Version | 0 | 4 | 4 | 0 | 1 |
| User7 | 4 | 3C | 4 | 1 | 15 |
| User6 | 4 | 38 | 4 | 1 | 14 |
| User5 | 4 | 34 | 4 | 1 | 13 |
| User4 | 4 | 30 | 4 | 1 | 12 |
| User3 | 4 | 2C | 4 | 1 | 11 |
| User2 | 4 | 28 | 4 | 1 | 10 |
| User1 | 4 | 24 | 4 | 1 | 9 |
| User0 | 4 | 20 | 4 | 1 | 8 |
| SPK ID | 4 | 5C | 4 | 1 | 23 |
| Secure Control | 4 | 58 | 4 | 1 | 22 |
| PPK1 hash | 30 | D0 | 4 | 12 | 52 |
| PPK0 hash | 30 | A0 | 4 | 12 | 40 |
| Misc user | 4 | 40 | 4 | 1 | 16 |
| DNA | C | C | 12 | 1 | 1 |