Apply the following recommendations for eFUSE programming projects:
• Required: Use Vivado Design Suite 2017.1 or newer.
• Recommended: Set the FPGA configuration mode pins to the JTAG only setting during eFUSE programming, if the board design allows.
• Required: Use separate eFUSE programming operations, i.e., separate passes through the Program eFUSE GUI wizard or separate Tcl commands, to program applicable eFUSE values and options in the following order:
1. Program eFUSE operation pass #1: Program NKY values (AES, RSA) and FUSE_USER values
2. Program eFUSE operation pass #2: (If applicable) Program the Security Register (FUSE_SEC) options, except for JTAG disable.
3. Program eFUSE operation pass #3: (If Applicable) Program the Control Register (FUSE_CNTL) options, except for the W_DIS_CNTL (write-disable control register).
Note: If you need to program the Security Register JTAG Disable option in the final step (5), do not program the Control Register W_DIS_SEC option.
4. Program eFUSE operation pass #4: (If Applicable) Program the Control Register W_DIS_CNTL (write-disable FUSE_CNTL register. See Vivado Design Suite User Guide: Programming and Debugging (UG908) [Ref 4] .
5. Last program eFUSE operation pass: (If Applicable) Program the Security Register JTAG Disable. See Vivado Design Suite User Guide: Programming and Debugging (UG908) [Ref 4] .
• Recommended: For the first programmed device, validate the eFUSE results after each of the preceding steps, and then re-validate the eFUSE results after completing all steps to ensure that the final results from a complete eFUSE programming procedure is as expected.
• If AES and/or RSA values are programmed, then validate that the device loads an AES-encrypted and/or RSA-signed bitstream successfully.
• If FUSE_USER value is programmed, then validate that you read the correct JTAG FUSE_USER and/or EFUSE_USER primitive value.
• If FUSE_SEC settings are programmed, then validate the correct device behavior for the chosen settings.
• If FUSE_CNTL settings are programmed, then check the resulting REGISTERS.EFUSE.FUSE_CNTL value in Vivado to verify the settings, and check that the read-protected REGISTER.EFUSE.* registers in Vivado do not show your actual values.
Note: It is expected that Vivado will show some FUSE_CNTL reserved bit locations which are previously programmed to '1' by the Xilinx factory.
• Verify that you can, or cannot, access the device JTAG, depending on your choice for step 5.