eFUSE Storage Location

Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream Application Note (XAPP1267)

Document ID
XAPP1267
Release Date
2023-02-10
Revision
1.6 English

eFUSE is a non-volatile one-time-programmable technology used for selected configuration settings. The fuse link is programmed (or burned or blown) by flowing a large current for a specific amount of time. User-programmable eFUSEs can be programmed with the Xilinx configuration tools.

IMPORTANT: eFUSE bits are one-time programmable (OTP). After they are programmed, they cannot be un-programmed.

For example, if access to a register is disabled, it cannot be re-enabled. The FPGA logic can access only the FUSE_USER register value. All other eFUSE bits are inaccessible from the FPGA logic. Table: eFUSE Storage Location Advantages and Disadvantages identifies eFUSE storage location advantages and disadvantages.

Table  2: eFUSE Storage Location Advantages and Disadvantages

Advantages

Disadvantages

No external battery is required

Only a bitstream encrypted with the eFUSE key can get loaded into the FPGA

Cannot readback the eFUSE key as there is no readback path

eFUSE requires RSA authentication for DPA protection

Permanent: Key can NOT be cleared or updated.

Less secure than BBRAM solution because the key cannot be zeroized or updated.