6.4 Security Fuses

CryptoMemory® uses four fuses. The status of these fuses is given in a ‘fuse byte.’ A value of zero indicates that the fuse has been blown. Bits 4 to 7 of this byte are not used as security fuses and are reserved for Microchip use.

Table 6-9. Device Fuses

F7

F6

F5

F4

F3

F2

F1

F0

resv

resv

resv

resv

SEC

PER

CMA

FAB

SEC, PER, CMA, and FAB are nonvolatile fuses blown at the end of various steps in the manufacturing and personalization process. Once blown, these fuses can never be reset. Microchip blows the SEC fuse to lock the lot history code before the device leaves the factory. Blowing the remaining fuses must follow this sequence:

  1. FAB: To lock the ATR and the FAB code portions of the configuration memory
  2. CMA: To lock the card manufacturer code of the configuration memory
  3. PER: To lock the remainder of the configuration memory

Any attempt to blow a fuse out of sequence will be unsuccessful.

Table 6-10 provides a summary of access rights for all portions of the memory for each fuse condition.

Table 6-10. Configuration Memory Access Control by Security Fuses
Zone

Operation

Fuse

SEC = 0

FAB = 0

CMA = 0

PER = 0

Identification

(Except MTZ and CMC)

Read

Free

Free

Free

Free

Write

Secure Code

Forbidden

Forbidden

Forbidden

Memory Test Zone

(MTZ)

Read

Free

Free

Free

Free

Write

Card Manufacturer Code

(CMC)

Read

Free

Free

Free

Free

Write

Secure Code

Secure Code

Forbidden

Forbidden

Read Only

(Lot History Code)

Read

Free

Free

Free

Free

Write

Forbidden

Forbidden

Forbidden

Forbidden

Access Control

Read

Free

Free

Free

Free

Write

Secure Code

Secure Code

Secure Code

Forbidden

Cryptography

(Except Encryption Keys S)

Read

Free

Free

Free

Free

Write

Secure Code

Secure Code

Secure Code

Forbidden

Encryption Keys

(S)

Read

Secure Code

Secure Code

Secure Code

Forbidden

Write

Secret

Read

Secure Code

Secure Code

Secure Code

Forbidden

Write

Passwords

Read

Secure Code

Secure Code

Secure Code

Write PW

Write

Password Attempts Counters

(PAC)

Read

Free

Free

Free

Free

Write

Secure Code

Secure Code

Secure Code

Write PW

Forbidden

Read

Forbidden

Forbidden

Forbidden

Forbidden

Write

Note: The Write 7 password is the secure code until the PER fuse is blown.