eFUSE Registers

Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream Application Note (XAPP1267)
Document ID
XAPP1267
Release Date
2023-02-10
Revision
1.6 English

An UltraScale FPGA has a total of six eFUSE registers: FUSE_RSA, FUSE_KEY, FUSE_DNA, FUSE_USER, FUSE_CNTL, and FUSE_SEC. For the purpose of this application note the focus is not on the FUSE_DNA register. All of the UltraScale eFUSE registers are described in Table: eFUSE Register Description .

Table  3: eFUSE Register Description

Register Name

Size (Bits)

Contents

Description

FUSE_RSA

384

Bitstream authentication key

[383:0]

(bit 0 shifted first)

Stores a hash of the public key used for RSA bitstream authentication.

FUSE_KEY

256

Bitstream encryption key

[255:0]

(bit 0 shifted first)

Stores a key for use by AES-GCM bitstream decryption and authentication. The eFUSE key can be used instead of the key stored in battery-backed SRAM (BBRAM). The AES key is used by the UltraScale FPGA decryption engine to load encrypted bitstreams. Depending on the read/write access bits in the CNTL register, the AES key can be programmed through the JTAG port but cannot be read through the JTAG port.

FUSE_DNA

96

Device identifier programmed by Xilinx

[95:0]

(bit 0 shifted first)

Unique device identifier bits [95:0], corresponding to the 96-bit read-only DNA_PORTE2 primitive value known as Device DNA.

FUSE_USER

32
or 128

User defined

[31:0] or [127:0]

(bit 0 shifted first)

Stores a 32-bit or 128-bit user-defined code. The 32-bit version of this register is readable from the FPGA logic using the eFUSE_USR primitive. (See Chapter 7, Design Entry in the UltraScale Architecture Configuration User Guide (UG570) [Ref 3] for a description of the eFUSE_USR primitive. Depending on the read/write access bits in the CNTL register, the code can be programmed and read through the JTAG port.

The 128-bit version of this register stores a 128-bit user-defined code. This register is readable from the JTAG FUSE_USER_128 instruction. The JTAG FUSE_USER_128 data register length is 384 bits in UltraScale FPGAs or 176 bits in UltraScale+ FPGAs. Only bits [127:0] are supported for user code storage, and the remaining bits are reserved and can be any value.

FUSE_CNTL

21

Control Bits CNTL

[20:0]

(bit 0 shifted first)

Controls key use and read/write access to eFUSE registers. This register can be programmed and read through the JTAG port.

24

Control Bits CNTL

[23:0]

(bit 0 shifted first)

In UltraScale+ FPGAs these bits control key use and read/write access to eFUSE registers. This register can be programmed and read through the JTAG port.

FUSE_SEC

32

Security Control Bits

[31:0]

(bit 0 shifted first)

Controls encryption and authentication options. Depending on the read/write access bits in the CNTL register, this register can be programmed and read through the JTAG port.