FlashLock or User Passcode Key 1 (UPK1)

The FlashLock, also known as UPK1, is the primary user passcode that unlocks a majority of the non-permanent user-defined locks when matched by the user. This passcode is loaded along with the other user keys and passcodes using an encrypted bitstream, and is stored (after being hashed) in the primary user key security segment in the pNVM.

The FlashLock passcode may be matched using either the plaintext, or the one-time-use passcode protocol, or one-way passcode protocol (for PolarFire SoC FPGA only). When the FlashLock passcode is entered for attempted validation, it is hashed and compared with the stored hashed passcode. If the hashed value of the passcode is successfully matched, it temporarily allows changes to the data items normally protected by the affected user-defined locks. The device returns to normal locked state (as defined by the non-volatile lock bit settings) on the next device reset or JTAG reset, or power cycle.

A plaintext passcode does not provide selective unlocking of individual locks in its associated class. Furthermore, a plaintext passcode is subject to possible monitoring attacks. Once known, it can be used to escalate privileges associated with that passcode forever (unless plaintext passcodes are prohibited by the device's security settings). The use of plaintext passcodes is therefore discouraged. The plaintext passcodes are supported to maintain legacy functionality.

The one-time-use passcode protocol is a challenge-response type Online protocol in which the User (or Factory) proves to the device that they know the selected passcode and key. The one-time-use passcode protocol permits selective unlocking of individual locks. When a one-time-use passcode is used, a subset of locks to override may be specified in the one-time-use passcode protocol. The one-time-use passcode protocol uses a nonce, and generates an encrypted one-time passcode using the user selected root key. The HSM used in SPPS flow supports the one-time-use passcode protocol. The one-time-use passcode protocol can be used to match the FlashLock passcode (without revealing its value outside the SPPS HSM). One possible use of the FlashLock passcode is to have it allow bitstream updates again, even if overwriting the FPGA fabric or sNVM was disabled by locks in the security policy stored on the device.

The One-way Passcode (OWP) protocol (for PolarFire SoC FPGA only) is used for overriding locks via a bitstream without requiring any interaction with an external intelligence. It is similar in concept to the One-Time Passcode protocol in that it can only be used once, has selective unlocking capability but does not require a FPGA nonce and is bounded to a specific bitstream. It pertains to locks associated with UPK1 and UPK2. The One-way Passcode protocol allows one-time passcodes to be created offline and it is a one-way communication protocol unlike one-time-use passcode protocol. The primary use-model is to support one-time bitstream updates where the one-way passcode is bound to a given bitstream. The bitstream created with OWP temporarily undo locks that would otherwise prevent the bitstream from being used. When the bitstream is complete, or terminates for any other reason, locks are restored to their original non-volatile states. The bitstream created with OWP is protected by the standard bitstream encryption and authentication mechanisms supported by PolarFire SoC FPGA.

The Configure Security Wizard in the Libero SoC software is used to apply the FlashLock passcode for the user design. It is recommended to allow the SPPS with a hardware security module (HSM), when available, to select the FlashLock passcode (and all other user keys and passcodes) rather than importing it manually or generating it on a less-secure general-purpose workstation. The HSM generates a high-quality 256-bit true random bit string, and stores it securely within its certified hardware security boundary. The random bit string if exported for storage on the host workstation, injection into the device (as a bitstream), or for unlocking the device (using the onetime passcode protocol), is strongly encrypted. The HSM does not export secret keys or passcodes in plaintext form, even to the host workstation.