15.2.4 SPPS Functions and Services
(Ask a Question)The primary purpose of SPPS is to enable secure programming of SmartFusion 2, IGLOO 2, PolarFire, and PolarFire SoC devices in an untrusted environment. This flow is based on the use of an HSM and in this document it is referred to as HSM flow. However, the primary tool created for SPPS (Job Manager) can also be used for non-secured programming (non-HSM flow), which is the same as the programming supported by Libero®. In the case of non-HSM flow, initial key loading is done using the Key Loading Key (KLK) mode supported for SmartFusion 2, IGLOO 2, PolarFire, and PolarFire SoC devices. KLK mode is suitable for programming in a trusted environment or if security is not a concern.
The following SPPS supported common functions are available in HSM flow and non-HSM flow:
- Generation of programming bit streams and programming jobs outside the Libero tool
- Generation of Initiater programming bit streams
(for initial key loading)
- Generation of Update bit streams for updating Fabric and/or eNVM of an already programmed device
- Overwrite of eNVM Client(s) data
- Selection of eNVM Clients in generated bit streams
- Security settings overwrite
- Generation of SPI Flash file directory
The main SPPS flow (HSM flow) assumes the presence of HSM servers on the customer side and in most cases on the manufacturer side as well.
Features available in HSM flow only:
- HSM-protected user key generation
- The user does not have access to the encryption and pass key values; nor do insiders
- HSM generated keys are never present on the host workstation except in encrypted form
- Secured Initial Key Loading through the
Authorization Code Protocol (see Authorization Code Protocol)
- Initial programming of the project key (same for all devices)
- Initial programming of per-device keys
- Overbuild protection
- Generation and validation of Certificates of Conformance (CoC) of the programmed design
- Verifying Microchip device authenticity