6.7.2 Tamper Detection Flags
(Ask a Question)Tamper-detection flags (FLAGS[31:0]) inform the user about tampering activity. Each tamper event is signaled over a dedicated wire to the fabric. On receiving the tamper detection flags, the user can choose to use the appropriate tamper response (see Tamper Response) or ignore/clear the flags. Tamper events can only be cleared by asserting the associated fabric clear signal or a system reset.
In the event of a fatal tamper event, the user design is powered down and an automatic POR is executed. The shutdown sequence guarantees a minimum of 10 µs after the tamper alarm fires before the shutdown begins, allowing the user design to perform internal clean up tasks. The system services may not be used during this time.
The following table lists and describes the tamper detection flags.
| Flags[31:0] | Flag | Description |
|---|---|---|
| 0 | JTAG_ACTIVE | This flag is asserted whenever the JTAG port is active, that is, the JTAG TAP controller enters the Run-Test-Idle state. |
| 1 | MESH_ERROR | This flag is asserted whenever the active security mesh observes a mismatch between the actual metal mesh output and the expected output. This allows protection against invasive attacks, such as cutting and probing of traces using focused ion beam (FIB) technology with an active metal mesh on one of the higher metal layers. |
| 2 | CLOCK_MONITOR_GLITCH | This flag is asserted whenever the clock glitch monitor detects a pulse width violation. |
| 3 | CLOCK_MONITOR_FREQUENCY | This flag is asserted whenever the clock frequency monitor observes a frequency mismatch between the 160 MHz and 2 MHz RC oscillators. |
| 4 | LOW_1P05 | This flag is asserted when the 1.05V supply (VDD) is below the low threshold of the System Controller 1.05V detector. The tamper event is continuously generated until the supply returns to a level above the low threshold. This condition is also used during device programming to initiate shutdown procedures to protect the device programming circuits and integrity of the device NVM. |
| 5 | HIGH_1P8 | This flag is asserted when the 1.8V supply (VDD18) is above the high threshold of the System Controller 1.8V detector. The tamper event is continuously generated until the supply returns to a level below the high threshold. |
| 6 | HIGH_2P5 | This flag is asserted when the 2.5V supply (VDD25) is above the
high threshold of the System Controller 2.5V detector. The tamper event is continuously generated until the supply returns to a level below the high threshold. |
| 7 | Reserved | Reserved |
| 8 | SECDED | This flag is asserted when a 2-bit error occurs in the System Controller's internal memory. This is a fatal condition which results in a POR. |
| 9 | SCB_BUS_ERROR | This flag is asserted when an error has been detected on System Controller bus. |
| 10 | WATCHDOG | This flag is asserted when the System Controller's watchdog reset is about to fire. This is a fatal condition that results in a POR. |
| 11 | LOCK_ERROR | This flag is asserted when a single- or double-bit error is detected in the continuously-monitored security lock segments. |
| 12 | Reserved | Reserved |
| 13 | DIGEST | This flag is asserted when a requested POR digest check is
failed. To prevent loss of the DIGEST flag status when using the System Controller Suspend Mode feature, this flag output must be latched by enabling the Latch System Controller outputs option in the Tamper macro. |
| 14 | INST_BUFFER_ACCESS | The flag is asserted when read/write access is performed to system controller’s shared buffer using JTAG/SPI interface. The shared buffer holds the data requested by JTAG/SPI instructions. |
| 15 | INST_DEBUG | This flag is asserted when debug instruction executed. |
| 16 | INST_CHECK_DIGESTS | This flag is asserted when an external digest check has been requested. |
| 17 | INST_EC_SETUP | This flag is asserted when elliptic curve slave instructions have been used. |
| 18 | INST_FACTORY_PRIVATE | This flag is asserted when factory JTAG/SPI instruction is executed. |
| 19 | INST_KEY_VALIDATION | This flag is asserted when key validation protocol is requested. |
| 20 | INST_MISC | This flag is asserted when uncategorized SPI slave instruction executed. |
| 21 | INST_PASSCODE_MATCH | This flag is asserted when an attempt has made to match a passcode. |
| 22 | INST_PASSCODE_SETUP | This flag is asserted when the one-time-passcode protocol is initiated. |
| 23 | INST_PROGRAMMING | This flag is asserted when an external programming instruction has been used. |
| 24 | INST_PUBLIC_INFO | This flag is asserted when a request for device public information is issued. |
| 25 | Reserved | Reserved |
| 26 | INST_PASSCODE_FAIL | This flag is asserted when the passcode match fails. |
| 27 | INST_KEY_VALIDATION_FAIL | This flag is asserted when the key validation fails. |
| 28 | INST_UNUSED | This flag is asserted when the unused instruction opcode is executed. |
| 29 | BITSTREAM_AUTHENTICATION_FAIL | This flag is asserted when the bitstream authentication fails. |
| 30 | IAP_AUTO_UPDATE | This flag is set if an IAP update occurs (either by IAP system service or auto-update at device boot). |
| 31 | IAP_AUTO_RECOVERY | This flag is set if the IAP recovery procedure occurs. |