Device Integrity Protection

It should be possible to distinguish a new device from a previously used or tampered device. A used device has obvious implications for device quality and endurance. Attempts may be made to extract the device's unique factory keys with the intention of later intercepting or forging communications with the device. To mitigate this class of attacks, devices employ a mechanism to mark used devices. This requires reading the device integrity bits using a JTAG/SPI instruction, which returns a signed certificate containing the device integrity bits and the device serial number. The returned device integrity bits can then be matched against the expected value for a new device. The device integrity bits are initialized to the following 256-bit big-endian value at the factory:

4BE48DC078655D410FCDCE9BF440E55E2FAB9525A27EB8F1E4B1DB5C9D0CAFF6

When you receive a new device, examine the device integrity bits and check that they are still intact. The device integrity bits are invalidated in the following events:

Device integrity bits cannot be modified by any user operation. Zeroization changes the state of the device integrity bits but cannot restore them to their pristine state. The device integrity bits can be read from the device using Libero SoC or FlashPro Express by running the Device Info programming action.
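As an added illustration (not part of this user guide or of the Libero/FlashPro tools), the following Python check compares a readback of the device integrity bits against the factory value above before a device is accepted. The "key: value" report layout and the serial number in the test are constructed for the example and are not the actual Device Info output format.

```python
import hmac

# Factory value of the device integrity bits for a new device, as given on this page
# (256 bits, big-endian, written as 64 hex digits).
PRISTINE_INTEGRITY_BITS = bytes.fromhex(
    "4BE48DC078655D410FCDCE9BF440E55E2FAB9525A27EB8F1E4B1DB5C9D0CAFF6"
)


def parse_integrity_bits(text: str) -> bytes:
    """Normalise a hex readback (optional 0x prefix, spaces, mixed case) into 32 bytes.

    Raises ValueError if the value is not exactly 256 bits, so a truncated or
    malformed readback is never silently accepted as a match.
    """
    cleaned = "".join(text.split())
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    raw = bytes.fromhex(cleaned)  # ValueError on non-hex input
    if len(raw) != 32:
        raise ValueError(f"expected 256-bit value, got {len(raw) * 8} bits")
    return raw


def integrity_bits_pristine(readback: str) -> bool:
    """True only if the readback equals the factory value bit for bit."""
    return hmac.compare_digest(parse_integrity_bits(readback), PRISTINE_INTEGRITY_BITS)


def check_device_info(report: str) -> dict:
    """Evaluate a 'key: value' style Device Info readback.

    The field names below are a constructed layout for this example, not the
    exact output format of Libero SoC / FlashPro Express.
    """
    fields = {}
    for line in report.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    serial = fields.get("device serial number", "<unknown>")
    try:
        pristine = integrity_bits_pristine(fields["device integrity bits"])
    except (KeyError, ValueError):
        pristine = False  # missing or malformed readback is treated as not new
    return {"serial": serial, "pristine": pristine,
            "verdict": "new device" if pristine else "used, zeroized or tampered: reject"}
```

Any readback that differs from the factory value, including one altered by zeroization, is rejected, since the bits can never be returned to their pristine state.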

It is also possible to check the validity of the device integrity bits before commencing device programming. If the device integrity bits are invalid, the programming action fails and the error is logged in FRAME_ERRORCODE as 14. This feature will be supported in the Secure Production Programming Solution (SPPS). The debug information can be retrieved from the device using the Read Debug Information Service. For more information, see the PolarFire FPGA and PolarFire SoC FPGA System Services User Guide.