16.5.4 Configuration Flash Memory Layout

The Boot ROM utilizes a predefined Configuration Fuse Memory (CFM) layout to manage boot-time settings. This layout includes dual copies of the boot configuration, providing redundancy to enhance reliability.

The Boot ROM attempts to boot the device as long as at least one of the BOOTCFG memory regions is valid and passes integrity checks. However, it is strongly recommended that both BOOTCFG fuse regions be programmed to take full advantage of the available redundancy and ensure robust boot behavior.

Figure 16-5. Configuration Flash Memory Layout

Device USERCFG 1/1A and ROMCFG Fuses

The Boot ROM supports complete device configuration through the User Configuration Fuses (USERCFG1/1A). To enhance reliability of the device, the Boot ROM maintains two physical copies of the user configuration:

  • USERCFG1
  • USERCFG1A

The Boot ROM selects one of these fuse sets during the boot process, selected by configuring the SEQ and SEQBAR fuses. If both USERCFG1 and USERCFG1A fail integrity checks, the Boot ROM halts the boot process and places the device into interactive mode.

Selection of USERCFG1 v/s USERCFG1A

The Boot ROM uses Firmware Metadata (FWMD) provided by the user to determine which boot configuration to use. This metadata includes two 32-bit unsigned integers:

  • SEQ0: Associated with USERCFG1
  • SEQ1: Associated with USERCFG1A

These sequence values are used to determine which configuration is more recent or preferred.

Important: Microchip provides firmware metadata generator tool. Do not attempt to program SEQ0/SEQ1 without using Microchip provided firmware metadata generator tool. Users need to use the FWMD tool by selecting the target device and generate the required FWMD for the target device. The FWMD tool is available for download from www.microchip.com.

The Boot ROM selects the boot configuration based on the following conditions:

Table 16-1. Boot Rom Conditions
ConditionSelected USERCFG fuse for Boot
SEQ0 > SEQ1USERCFG1
SEQ1 > SEQ0USERCFG1A
SEQ0 = SEQ1 and both ≠ 0xFFFFFFFFBoot Process halted, Boot ROM goes to Interactive mode
SEQ0 = SEQ1 = 0xFFFFFFFFBoots using default USERCFG values
Note: SEQ0 = SEQ1 must not be programmed to the same value.

Device ROMCFG Fuses

The ROMCFG region contains critical fuses that allow users to configure device access, enable self-tests, and enforce security policies. These fuses are evaluated by the Boot ROM during the early boot phase. Below is a summary of the key fuses within the ROMCFG region.

DAL Fuse

This fuse determines the Debugger Access Level (DAL) that becomes effective after the Boot ROM completes its execution and transfers control to the user application.

  • DAL2: Full access (value = 0xFFFFFF55)
  • DAL0: Locked state (any value other than 0xFFFFFF55)

FRCFGBROM Fuse

This fuse enables an internal self-test of the Boot ROM memory contents. If enabled and the self-test fails, the device halts further execution.

  • Default State: Disabled after any reset
  • User Action: Must be explicitly enabled via fuse programming

FRCFGMBIST Fuse

This fuse enables Memory Built-In Self-Test (MBIST) on the entire device SRAM. If MBIST is enabled (e.g., MOBB = 0x1 or 0x2), the Boot ROM checks the MBIST result during boot.

  • If MBIST Fails: The Boot ROM halts the boot process and enters an infinite loop followed by a software reset.
  • If MBIST Passes: Boot continues normally.
Note: MBIST is an intrusive operation for on-chip SRAM and hence, content of SRAM will not be persistent after the device is reset.

KEYVAL_ Fuses

The ROMCFG region includes multiple KEYVAL_ fuses used for device-specific configuration and security enforcement.