System Controller Suspend Mode

PolarFire FPGA and PolarFire SoC FPGA devices have a System Controller Suspend mode feature that can be used to force the System Controller into reset after device initialization is complete. This mode is desirable for safety critical applications to protect the device from unintended device programming or zeroization of the device due to single event upset events (SEU). When the user programs the System Controller to be in the ‘Suspend mode’ (using the Libero SoC tool), some device features are no longer available. The following table lists the availability of device features when the device is programmed with the System Controller Suspend mode enabled.

Table 1. PolarFire FPGA and PolarFire SoC FPGA Device Feature Availability in System Controller Suspend Mode
Feature	System Controller Suspend Mode		Notes
Feature	Enabled	Disabled	Notes
Programming
JTAG	Yes¹	Yes	—
SPI Slave	Yes¹	Yes	—
Auto-Update (POR/DEVRSTn)	Yes	Yes	Executes after power-up/DEVRSTn if the feature is enabled in the device.
Auto-Update (System Service)	No	Yes	Auto-update requested through system services is not available in Suspend mode.
IAP	No	Yes
System Services
Device and Design Info Services	No	Yes	Serial Number Service, USERCODE, Design Info, and so on.
Design Programming Services	No	Yes	Bitstream and IAP Image Authentication
Data Security Services	No	Yes	Digital Signature, sNVM, PUF Emulation, Nonce
Zeroization	No	Yes	—
Digest Check Service	No	Yes	—
SPI Flash Memory Read Service	No	Yes	Only for PolarFire^® SoC FPGA.
Passcode Service	No	Yes	Only for PolarFire SoC FPGA.
User Crypto Coprocessor	Yes	Yes	—
Tamper
POR Digest Checks	Yes	Yes	—
Tamper IO_Disable	Yes	Yes	—
Tamper LOCKDOWN	No	Yes	—
Tamper RESET Device	No	Yes	—
Tamper Slow Clock	No	Yes	—
Tamper Flags	No ²	Yes	—
User Voltage Detectors	Yes	Yes	—
UJTAG Sec Monitor	Yes	Yes	—
Clock Glitch Monitor	No	Yes	—
Clock Freq Monitor	No	Yes	—
Anti-tamper Mesh	No	Yes	—
Reset Reason	Yes ³	Yes	—
TVS	Yes	Yes	—
Debug			—
SmartDebug	Yes¹	Yes	—
Debug System Services	No	Yes	For PolarFire SoC FPGA only.

Notes:

1.Requires JTAG_TRST_B pin to be driven logic high prior to executing operation and remain high until operation is complete.
2.When System Controller Suspend Mode is enabled, only Tamper Flag [13] (POR digest check) is available. Configure the TAMPER macro to latch the state of this output just before System Controller Suspend Mode is entered. Tamper Flags[31:14, 12:0] are unavailable when System Controller Suspend Mode is enabled.
3.When System Controller Suspend Mode is enabled, the Tamper macro RESET_REASON[4:0] outputs are updated only during FPGA initialization before device enters System Controller Suspend Mode. The Tamper macro can be configured to latch the state of these outputs just before System Controller Suspend Mode is entered. Additionally, when System Controller Suspend Mode is enabled, only the following reset reasons are captured: POR, POR1P05, POR1P8, POR2P5, and DEVRST. See Table 4 for more information.

A device is configured to be in Suspend mode when the System Controller Suspend mode bit is programmed into the device during the FPGA programming. Controlling the JTAG_TRST_B pin only affects SmartDebug, JTAG, and SPI Slave programming feature and does no effect any other features listed in Table 1.

System Controller operation is as follows:

To enable the System Controller suspend mode feature, the System Controller Suspend Mode Enable bit must be set in the Libero SoC design tool and the device must be programmed.
The suspend feature is now enabled where the System Controller disables many features of the device as listed in Table 1.
To complete the solution, you must add a 1 kΩ pulldown resistor to the JTAG_TRST_B pin of the device to disable the JTAG port. This, along with the System Controller Suspend mode bit programmed into the device, forces the System Controller into an SEU protected Reset state.
If it is required to reprogram the device or debug using the SmartDebug tool, it is first necessary to drive and maintain the JTAG_TRST_B pin to a logic high to take the System Controller out of the Reset state. The System Controller must be enabled for these operations. Driving JTAG_TRST_B = 1 does not enable all the device features but only those indicated in Table 1.

When a device is programmed with the System Controller Suspend mode enabled, at device power-up or after a DEVRSTn reset toggle, the System Controller is initially active to carry out device initialization activities. Once these activities are complete, the System Controller enters Suspend mode, provided JTAG_TRST_B = 0. If JTAG_TRST_B = 1, at this time, the System Controller is active but many System Controller managed features are unavailable as per Table 1.

Note: For PolarFire FPGA devices, when the System Controller is forced out of suspend mode, by asserting JTAG_TRST_B = 1, the outputs of the PF_INIT_MONITOR macro and TAMPER macro are forced = 0. Since the PF_INIT_MONITOR outputs are often used for resetting the user logic design, appropriate user design considerations must be made for this operational case.