Data Security Services

The data security services are used to authenticate the device, generate unique random numbers, and store encrypted data. The following table lists all the Data Security system services with their command values, descriptions, and return status codes.

Table 1. Data Security System Services
System Service Name | SERVICECMD in Hexadecimal | Description | Return Status Code

Digital Signature Service | 19, 1A | Takes a user-supplied SHA-384 hash and signs it with the device's 384-bit private “factory” EC key, FEK, which is the private half of the key pair whose public key (DCPK) is certified by Microchip in the device's X.509-compliant supply chain assurance certificate.
  • 0: Success
  • 1: FEK error
  • 2: DRBG error (Failed to generate nonce.)
  • 3: ECDSA error

Secure NVM Write Service | 10, 11, 12 | Provides write access to pages in the sNVM.
  • 0: Success
  • 1: Invalid SNVMADDR (Illegal page address.)
  • 2: Write failure (PNVM program or verify failed.)
  • 3: PUF or storage failure
  • 4: Write not permitted
  • 5: Access failure (For PolarFire® FPGA, write access from Fabric is blocked. For PolarFire SoC FPGA, write access from either Fabric or MSS is blocked.)

Secure NVM Read Service | 18 | Provides access to the data stored by the Secure NVM Write service or data programmed via a bitstream.
  • 0: Success
  • 1: Invalid SNVMADDR (Illegal page address.)
  • 2: Authentication failure (Page blank, storage corrupt, or incorrect USK.)
  • 3: PUF or storage failure
  • 5: Access failure (For PolarFire FPGA, read access from Fabric is blocked. For PolarFire SoC FPGA, read access from either Fabric or MSS is blocked.)

PUF Emulation Service | 20 | Provides a mechanism for authenticating a device, or for generating pseudo-random bit strings that can be used for many different purposes.
  • 0: Success
  • 1: Internal error

Nonce Service | 21 | Generates a 256-bit random number derived from the start-up states of a dedicated SRAM.
  • 0: Success
  • 1: Error fetching PUK
  • 2: Error generating seed