3.6.1 Power-On Reset Digest Check
(Ask a Question)The device may be configured to perform automatic component digest checks while powering up the user design (after power-on reset) to check the integrity of the selected components. The user can specify which digest to check. If any of the selected digest checks fails, a tamper event is generated to fabric for user action. A digest check failure is an indication that the programmed content currently in the device is not what was last programmed into the device and cannot be trusted and that the device must be reprogrammed. The power-on digest check can be enabled and monitored using PF_TAMPER macro for PolarFire FPGA and PFSoC_TAMPER for PolarFire SoC FPGA.
For example, if the first-stage boot code for a soft CPU is stored in the sNVM or eNVM (for PolarFire SoC FPGA only), then the power-on reset digest check could be used to automatically provide a high level of assurance that the code had not been changed, either through a natural or malicious event, since the digest was stored.
| Digest Name | POR Digest Check | Comment |
|---|---|---|
| Fabric digest (CHECK FABRIC digest) | Fabric | — |
| Fabric configuration data digest (CC Digest) | Fabric | — |
| sNVM ROM pages digest | sNVM | — |
| User security segment digest (UL Digest) | Security | — |
| UKDIGEST0 | — | Not currently supported by Libero SoC |
| UKDIGEST1 | — | Not currently supported by Libero SoC |
| UKDIGEST2 | Security | — |
| UKDIGEST3 | Security | — |
| UKDIGEST4 | Security | — |
| UKDIGEST5 | Security | — |
| UKDIGEST6 | Security | — |
| UPDIGEST (UPERM Digest) | Security | — |
| FDIGEST (SYS Digest) | Any | Check when any POR Digest Enabled |
| UKDIGEST7 | Security | — |
| ENVMDIGEST | eNVM | — |
| UKDIGEST8 | eNVM | — |
| UKDIGEST9 | eNVM | — |
| UKDIGEST10 | eNVM | — |
A read-endurance limit specifies how many times a digest of the FPGA fabric can be run before the long-term reliability of the FPGA configuration data could be affected. For more information about the FPGA configuration memory endurance limits, see respective PolarFire FPGA Datasheet or PolarFire SoC Datasheet. Therefore, depending upon how the system is deployed and used (for example, how often it is powered-up), the on-demand digest check may be more appropriate for testing the integrity of the FPGA fabric.