4.2.9 Permanent Locks

The devices' ability to be reconfigured allows the FPGAs to be updated in the lab or in the field with encrypted and authenticated bitstreams They also have the capability to be one-time programmable to provide higher assurance that overwriting the design by unauthorized entities is impossible. This is beneficial for designs where single function ASICs are traditionally used, but the design and development flow requires the ability to be reprogrammed through development.

The devices offer the following permanent lock bits. You can enable any of the following locks permanently:

• Permanently disable UPK1—This will permanently disable FlashLock/UPK1 from being able to be matched by the device. Any feature that is disabled will be permanently disabled. Any feature that is available will be permanently available.
• Permanently disable UPK2—This will permanently disable UPK2 from being able to be matched by the device. If UEK2 is enabled and selected for programming, then it cannot be changed.
• Permanently disable SmartDebug access and reading TVS—This will permanently disable SmartDebug access for user debug along with the ability to read the temperature and voltage sensor (TVS).
• Permanently disable Debug Pass Key (DPK)—This will permanently disable the DPK from being able to be matched by the device. If DPK was programmed, then it can no longer be used for SmartDebug access.
• Permanently write-protect Fabric—This will make the Fabric One-Time Programmable. Verify of the Fabric will still be possible. Erase/Program of the Fabric is permanently disabled.
• Permanently disable Microsemi factory test mode access—This will permanently disable Microsemi factory test mode access. Microchip will not be able to perform a Failure Analysis on this device.
• Permanently disable Auto Programming, JTAG and SPI Slave programming interfaces—This will permanently disable all programming interfaces. The actual JTAG and SPI Slave ports are disabled and you cannot access the device for any operations including reading the IDCODE of the device. The device will become a One-Time Programmable and there will be no way to Erase/Program/Verify the device.

The permanent locks cannot be unlocked by passcodes. All the permanent lock bits are located in the same segment. The permanent locks segment can be written only once and is immune to zeroization operations. Once one or more of the permanent lock bits are programmed then they cannot be changed and the entire segment becomes unchangeable.

The Configure Permanent Locks for Production in the Libero Flow allows to configure Permanent Locks for Production programming. Permanent Locks must be configured after the Design/Debug phase is completed. The Permanent Lock settings are not applied when the device programming is done using Program Design > Run PROGRAM Action. They are only applied to the Export tools used for Production programming. Once the Permanent Locks are programmed, they cannot be changed. Configuring the Permanent Locks affect the settings on the subsequent pages and should be reviewed carefully. The settings cannot be changed once they are programmed.