Lock security settings and encryption key

You may wish to permanently lock your security settings and encryption key.

The 128-bit FlashLock feature in ProASIC3/E works via a key mechanism, where you lock or unlock the device with a user-defined key. When the device is locked, functions such as device read, write, verify, and erase are disabled. This unique feature help to protect against invasive and noninvasive attacks. Without the correct key, access to the FPGA is denied. In order to gain access to the FPGA, the device first must be unlocked using the correct key. You can generate the security header programming file, which is used to program the AES encryption key and/or FlashLock key. The FlashLock key does not reside in the FROM. It is in it's own area of Flash. The security header may be configured with a security key and must be provided to reprogram or access the device, if needed in the future.  

The FROM is programmed using the standard ProASIC3/E IEEE1532 JTAG programming interface. Pages can be individually programmed (erased and written) and on-chip AES decryption can be used selectively to load data securely into the FROM (such as application based security keys stored in the FROM for a design). The FROM can selectively be read back through the JTAG programming interface, the UJTAG interface, or via direct FPGA core addressing. A seven-bit address from the FPGA core defines which of the eight pages (three MSBs) is being read and which of the 16 bytes within the selected page (four LSBs) are being read. Figure 3 shows the FROM addressing scheme. During programming, the three-bit page address is defined by the program control logic. The user reads the FROM content for a page by sending the three-bit page address through the JTAG pins. Pages 0 to 3 of the FROM can selectively be made secure to prevent read back via JTAG. Read back on these secured pages is only possible by the FPGA core fabric or via UJTAG. Read back of individual bytes can be done randomly. (Random word read access of 10 ns worst-case commercial). During FROM programming, the FPGA core must be powered down. This is managed on-chip. FPGA core functionality is not available during programming of the FROM.

To permanently lock your security settings and encryption key:

  1. Select Program Security Header in the FlashROM configurator.

  2. Select the FPGA Array security option.

  3. Select the FROM Security option.

  4. Enter your encryption key.  

  5. Select the Make Security settings and Encryption Key Permanent option.

  6. Specify the file name and click Generate.  The configurator generates the programming file.