Key modes are used to select the root key and algorithm to encrypt and/or authenticate data in a device protocol, for example, the bitstream loading protocol. Not all key modes are applicable to every protocol, and some combinations are only supported if the optional secure production programming solution (SPPS) is used. Key modes can be disabled using lock bits.

In a new device, any one of the supported factory key modes may be used to load the initial user keys in encrypted form. After the user keys are loaded, all the factory key modes are automatically disabled, leaving only the user key modes in operation. Thus, any subsequent bitstream update must be done using the user keys.

Key modes associated with keys that are not loaded are also automatically disabled. The FlashLock passcode must be matched before the key mode lock bits can be erased, after which they can be reprogrammed by a new bitstream.

In the Configure Security Wizard, click User keys, then select Disable UEK1 and/or Disable UEK2 to disable the corresponding key mode, as shown in the following figure.

Figure 1. Disable Key Mode using Configure Security Wizard