Secure Non-Volatile Memory (sNVM)

The sNVM block is a user non-volatile flash memory that can be programmed independently. Each device has 56 Kbytes of sNVM. The sNVM is organized into 224 pages, each page is of 256 bytes in size. Three pages are reserved for administrative purposes, leaving 221 pages available for user data. Individual pages in the sNVM can be designated as write-protected (ROM) when its programming bitstream is generated, to make it easy to control sensitive data and prevent overwriting of those pages at run-time. sNVM pages marked as ROM can only be modified by device reprogramming. The sNVM content is accessible to the user logic through the system service calls. For more information, see PolarFire FPGA and PolarFire SoC FPGA System Services User Guide.

The sNVM can be written with data along with device programming or using system service at run time. The data written to the sNVM can be protected by a device unique intrinsic PUF secret key (SMK) using AES-256 in the synthetic initialization vector (SIV) mode.

The data may be stored in any of the following formats (listed in the ascending order of access time) in sNVM:

Non-authenticated plaintext
Authenticated plaintext
Authenticated ciphertext

Non-authenticated plaintext provides the fastest access time and authenticated ciphertext is the slowest but provides the highest level of security. For authenticated plaintext or ciphertext, a user provided user sNVM key (USK) is used for authentication during read. When the user data is stored in non-authenticated format, 252 bytes of storage per page is available for user data. When the user data is stored in authenticated format, 236 bytes of storage per page is available for user data. If the data is programmed using authentication, the USK key used at the time of programming must be provided while retrieving the data using system service call. You must configure security policies of the Configure Security tool when authentication is used.

The data stored in plaintext format using device programming can be used to initialize LSRAM and µSRAM blocks in the FPGA fabric during device initialization.

sNVM configurator is available in Configure Design Initialization Data and Memories under Libero® Design Flow. Click Add to add data storage client in sNVM. Add USK Client when authentication is used.

Note: In Libero, the added USK client is stored in the user specified sNVM page and this USK is used for all the authenticated plaintext or authenticated ciphertext clients created in the Libero project. User application in the fabric may use a different USK and overwrite any of the sNVM data clients (not marked as ROM) using sNVM write system service during runtime. However, it causes design verification failure using bitstream, even if the data is same.

Figure 1. sNVM Configurator

Figure 2. sNVM Data Client Configuration

Figure 3. USK Client

Note: For PolarFire FPGA, if the data is programmed using authentication, then the USK key used at the time of programming must be provided while retrieving the data using the system service call. You must configure security policies of the Configure Security tool when authentication is used.

Note: For PolarFire SoC FPGA, only one USK client in the sNVM is allowed in Libero SoC. The sNVM system services can be used to use per-page USK. Here the per-page USK is not stored on the device but must be presented to the sNVM Read system service to correctly retrieve the data for each protected page. See PolarFire FPGA and PolarFire SoC FPGA System Services User Guide for more information.

Note: The authenticated writes to the sNVM using system services pass only after the SMK (sNVM Master Key) is successfully generated by the device. To generate the SMK, program the device with an authenticated client in sNVM using Libero SoC. When the SMK is generated, it can be used for performing authenticated writes to the sNVM through System Services firmware.