6.4 Security Fuses

CryptoMemory® uses four fuses. The status of these fuses is given in a ‘fuse byte.’ A value of zero indicates that the fuse has been blown. Bits 4 to 7 of this byte are not used as security fuses and are reserved for Microchip use.

Table 6-9. Device Fuses
F₇	F₆	F₅	F₄	F₃	F₂	F₁	F₀
resv	resv	resv	resv	SEC	PER	CMA	FAB

SEC, PER, CMA, and FAB are nonvolatile fuses blown at the end of various steps in the manufacturing and personalization process. Once blown, these fuses can never be reset. Microchip blows the SEC fuse to lock the lot history code before the device leaves the factory. Blowing the remaining fuses must follow this sequence:

FAB: To lock the ATR and the FAB code portions of the configuration memory
CMA: To lock the card manufacturer code of the configuration memory
PER: To lock the remainder of the configuration memory

Any attempt to blow a fuse out of sequence will be unsuccessful.

Table 6-10 provides a summary of access rights for all portions of the memory for each fuse condition.

Table 6-10. Configuration Memory Access Control by Security Fuses
Zone	Operation	Fuse
Zone	Operation	SEC = 0	FAB = 0	CMA = 0	PER = 0
Identification (Except MTZ and CMC)	Read	Free	Free	Free	Free
Identification (Except MTZ and CMC)	Write	Secure Code	Forbidden	Forbidden	Forbidden
Memory Test Zone (MTZ)	Read	Free	Free	Free	Free
Memory Test Zone (MTZ)	Write	Free	Free	Free	Free
Card Manufacturer Code (CMC)	Read	Free	Free	Free	Free
Card Manufacturer Code (CMC)	Write	Secure Code	Secure Code	Forbidden	Forbidden
Read Only (Lot History Code)	Read	Free	Free	Free	Free
Read Only (Lot History Code)	Write	Forbidden	Forbidden	Forbidden	Forbidden
Access Control	Read	Free	Free	Free	Free
Access Control	Write	Secure Code	Secure Code	Secure Code	Forbidden
Cryptography (Except Encryption Keys S)	Read	Free	Free	Free	Free
Cryptography (Except Encryption Keys S)	Write	Secure Code	Secure Code	Secure Code	Forbidden
Encryption Keys (S)	Read	Secure Code	Secure Code	Secure Code	Forbidden
Encryption Keys (S)	Write	Secure Code	Secure Code	Secure Code	Forbidden
Secret	Read	Secure Code	Secure Code	Secure Code	Forbidden
Secret	Write	Secure Code	Secure Code	Secure Code	Forbidden
Passwords	Read	Secure Code	Secure Code	Secure Code	Write PW
Passwords	Write	Secure Code	Secure Code	Secure Code	Write PW
Password Attempts Counters (PAC)	Read	Free	Free	Free	Free
Password Attempts Counters (PAC)	Write	Secure Code	Secure Code	Secure Code	Write PW
Forbidden	Read	Forbidden	Forbidden	Forbidden	Forbidden
Forbidden	Write	Forbidden	Forbidden	Forbidden	Forbidden

Note: The Write 7 password is the secure code until the PER fuse is blown.