9.10.3 Custom Security Settings

For advanced use, you can customize your security levels.

To set custom security levels:

  1. Click the Custom Level button in the Setup Security page. The Custom Security dialog box appears.
    Figure 9-122. Custom Security Level
    ???
  2. Select the FPGA Array Security, the FlashROM Security, and Embedded Flash Memory block levels.

    The silicon features can have different Security Settings. See the tables below for a description of the custom security option levels for FPGA Array, FlashROM, and Embedded Flash Memory block.

    Table 9-6. FPGA Array Security Options
    Security OptionDescription

    Lock for both writing and verifying

    ???    		Allows writing/erasing and verification of the FPGA Array through the JTAG interface only with a valid Pass Key.

    Lock for writing

    ???    		Allows writing/erasing of the FPGA Array only with a valid Pass Key. Verification is allowed without a valid Pass Key.

    Use the AES Key for both writing and verifying

    ???    		Allows writing/erasing and verification of the FPGA Array through the JTAG interface only with a valid AES Key. This configures the device to accept an encrypted bitstream for reprogramming and verification. Use this option when final programming is performed at an unsecured site or when planning remote updates. Accessing device security settings requires a valid Pass Key.

    Allow write and verify

    ???    		Allows writing/erasing and verification of the FPGA Array using a plain‑text bitstream without requiring a Pass Key or AES Key. Use this option during in‑house development.
    Note: The ProASIC3 family FPGA Array is always read‑protected regardless of Pass Key or AES Key protection.
    Table 9-7. FlashROM Security Options
    Security OptionDescription

    Lock for both reading and writing

    ???    		Allows writing/erasing and reading of FlashROM through the JTAG interface only with a valid Pass Key. Verification is allowed without a valid Pass Key.

    Lock for writing

    ???    		Allows writing/erasing of FlashROM through the JTAG interface only with a valid Pass Key. Reading and verification are allowed without a valid Pass Key.

    Use the AES Key for writing

    ???    		Allows writing/erasing of FlashROM through the JTAG interface only with a valid AES Key. This configures the device to accept an encrypted bitstream for reprogramming. Use this option when final programming is performed at an unsecured site or when planning remote updates. Note: FlashROM readback is always unencrypted (plain text).

    Allow reading, writing, and verifying

    ???    		Allows writing/erasing, reading, and verification of FlashROM content using a plain‑text bitstream without requiring a Pass Key or AES Key.
    Note: The FPGA Array can always read FlashROM content regardless of these security settings.
    Table 9-8. Embedded Flash Memory Block Security Options
    Security OptionDescription

    Lock for reading, verifying, and writing

    ???    		Allows writing and reading of the Embedded Flash Memory Block through the JTAG interface only with a valid Pass Key. Verification is accomplished by readback and comparison.

    Lock for writing

    ???    		Allows writing of the Embedded Flash Memory Block through the JTAG interface only with a valid Pass Key. Reading and verification are allowed without a valid Pass Key.

    Use AES Key for writing

    ???    		Allows writing of the Embedded Flash Memory Block through the JTAG interface only with a valid AES Key. This configures the device to accept an encrypted bitstream for reprogramming. Use this option when final programming is performed at an unsecured site or when planning remote updates. Note: Readback of Embedded Flash Memory Block content is always unencrypted (plain text) when a valid Pass Key is provided.

    Allow reading, writing, and verifying

    ???    		Allows writing, reading, and verification of Embedded Flash Memory Block content using a plain‑text bitstream without requiring a Pass Key or AES Key.
  3. To make the Security Settings permanent, select the Permanently lock the security settings check box. This option prevents any future modifications of the Security Setting of the device. A Pass Key is not required if you use this option.
    Note: When you make the Security Settings permanent, you can never reprogram the Silicon Signature. If you lock the write operation for the FPGA Array or the FlashROM, you can never reprogram the FPGA Array or the FlashROM, respectively. If you use an AES key, this key cannot be changed once you permanently lock the device.

    To use the Permanent FlashLock™ feature, select Lock for both writing and verifying for FPGA Array and Lock for both reading and writing for FlashROM and select the Permanently lock the security settings checkbox as shown in the figure below. This will make your device one-time-programmable.

    Figure 9-123. Custom Security Level- Permanent Lock
    ???
  4. Click the OK button. The Security Settings page appears with the Custom security setting information.