15.2.6.1.5 Production
(Ask a Question)The CM receives the SPPS Programming Job file from the OE and creates a FlashPro Express project with the HSM Job in the SPPS Programming Job file. For the HSM job, some ticket information, such as ticket IDs and overbuild protection data, gets loaded into the specific M-HSM module that participated in the Job Request-Reply handshake protocol. The rest of the ticket-protected information, such as JTAG chain configuration and programming bitstreams, is loaded into the FlashPro Express project. For more information, see FlashPro Express User Guide .
After creating the FlashPro Express project, the job is ready for execution.
Overbuild Protection
(Ask a Question)For each execution of a programming action (PROGRAM, ERASE, and VERIFY) that has an associated job ticket with overbuild protection turned on, the M-HSM decreases the counter of the remaining devices for the ticket. The overbuild protection counters reside inside the HSM module and are physically uncloneable. When the allowed number of devices have been programmed, the M-HSM stops processing any further protocol request associated with the ticket.
Job Status
(Ask a Question)Job status can be requested in FlashPro Express during job execution. Job status can be printed out in the FlashPro Express log windows or exported into the Job Status file and sent back to the OE. Job status contains a list of job tickets loaded into the FlashPro Express project and the M-HSM. For tickets with active overbuild protection, status will show max allowed device numbers and current state of remaining device counters.
Job Status also includes device CoC. The CoC is generated and cryptographically signed by the device with a (symmetric) message authentication code. This information can be verified by the U-HSM on the Job Manager side. See Device Certificate of Conformance (CoC) for more information.
Device Authentication
(Ask a Question)FlashPro Express performs a Microchip device authenticity check at the beginning of each programming action. This check is embedded into the check chain procedure. A failed device authentication check will abort programming action. The device authentication protocol is explained in Device Authenticity Check Protocol.
Job Completion
(Ask a Question)Job execution can be stopped in two ways:
- Normal job ending upon finishing programming of the target number of devices
- For example, all job ticket overbuild protection counters are exhausted
- Job termination
- If some job ticket overbuild protection counters
still have devices to program, then both the types of job termination will do the following:
- Remove job tickets from the M-HSM and archive them in a dedicated folder on the M-HSM.
- Generate Job Status with the
following data:
- Device Certificates of Conformance generated by devices (see Device Certificate of Conformance (CoC)).
- Ticket End certifiers. This is a cryptographically validated proof of removing ticket data from the M-HSM module. Validation of this data can be done by the Job Manager using the U-HSM. This check confirms that the job ticket can no longer be used by the M-HSM. See Job End Certifier Protocol.