17.13.11 Secure Configuration

This register contains the secure configuration setting of the device. It is stored in eFuses memory in Root of Trust module, which is directly driven in this register.

Note:

*_LCK bits in this register refer to the program locks of corresponding eFuses.

Name:	SECCFG
Offset:	0x48
Reset:	0x00000000
Property:	-


Bit	31	30	29	28	27	26	25	24

Access
Reset


Bit	23	22	21	20	19	18	17	16
								ADD_BOOT_KEY
Access								R
Reset								0


Bit	15	14	13	12	11	10	9	8
					BOOT_KEY_LCK[1:0]		ROOT_KEY_LCK[1:0]
Access					R	R	R	R
Reset					0	0	0	0


Bit	7	6	5	4	3	2	1	0
	DEBUG_LCK[1:0]		UUID_LCK[1:0]
Access	R	R	R	R
Reset	0	0	0	0

Bit 16 – ADD_BOOT_KEY Additional Boot Key

This bit is the LSB of the Y co-ordinate in the compressed Secure Boot Key.

Bits 11:10 – BOOT_KEY_LCK[1:0] Lock Bits for Secure Boot Key

Value	Description
11	Secure boot key is locked and cannot be programmed
10	Secure boot key is locked and cannot be programmed
01	Secure boot key is locked and cannot be programmed
00	Secure boot key is not locked

Bits 9:8 – ROOT_KEY_LCK[1:0] Lock Bits for Storage Root Key

Value	Description
11	Storage root key is locked and cannot be programmed
10	Storage root key is locked and cannot be programmed
01	Storage root key is locked and cannot be programmed
00	Storage root key is not locked

Bits 7:6 – DEBUG_LCK[1:0] Lock Bits for Debug

Value	Description
11	Debug is locked. Not possible to debug.
10	Debug is locked. Not possible to debug.
01	Debug is locked. Not possible to debug.
00	Debug is not locked.

Bits 5:4 – UUID_LCK[1:0] Programming Lock Bits for Unique ID Fuses

Value	Description
11	Unique ID is locked and cannot be programmed
10	Unique ID is locked and cannot be programmed
01	Unique ID is locked and cannot be programmed
00	Unique ID is not locked