Security Options - Lattice Semiconductor MachXO2 Programming And Configuration Usage Manual

Security Options

The Security Options allow you to select from a range of options for tracking or securing the MachXO2 device.
Table 19 provides a summary of these options.
Table 19. Security Options
Option Name
TRACEID
MY_ASSP
CONFIG_SECURE
ONE_TIME_PROGRAM
TRACEID
The MachXO2 introduces a new feature called TraceID. TraceID stamps each MachXO2 with a unique 64-bit ID. No
two MachXO2 devices will have the same TraceID value even when they are loaded with the same configuration
data. This differs from a USERCODE which is present in the configuration data. Every device that receives the con-
figuration data using a USERCODE receives the same USERCODE value.
The TraceID is 64 bits long with the least significant 56 bits being immutable data. The 56 bits are a combination of
the wafer lot, the wafer number and the X/Y coordinates locating the die on the wafer. The most significant eight
bits are provided by you and are stored in the Feature Row. The TraceID is changed using the Diamond Spread-
sheet View. You enter a unique 8-bit binary value in the TraceID field and generate configuration data.
You can read more about the TraceID feature in TN1207,
MY_ASSP
Every Lattice device has its own identification code identifying the device family, device density, and other parame-
ters (e.g. voltage, device stepping, etc.). The code is accessible from any MachXO2 configuration port. The value
stored in the IDCODE register allows you to uniquely identify a Lattice device.
The MY_ASSP preference permits you to change the value returned when the IDCODE is read from the FPGA.
Set the MY_ASSP preference to the ON state. Turning the MY_ASSP ON enables the CUSTOM_IDCODE prefer-
ence.
CUSTOM_IDCODE
The CUSTOM_IDCODE is the value you assign to override the default IDCODE in the MachXO2 device. You are
only allowed to enter a 32-bit hexadecimal or binary value when the MY_ASSP preference is ON.
Overriding the IDCODE prevents the Lattice programming software from being able to identify the MachXO2
device, and as a result, prevents Programmer from being able to directly program the MachXO2 device. It is neces-
sary to migrate to generating Serial Vector Format (SVF) files in order to program MY_ASSP enabled MachXO2
devices.
CONFIG_SECURE
When this preference set to ON, the read-back of the SRAM memory and the Configuration Flash memory are
blocked. The read-back of the UFM will also be blocked if the bitstream overflows into the UFM block. The
MachXO2 device cannot be read back, nor can it be programmed without erasing. The device must be erased in
order to reset the security setting. The CONFIG_SECURE fuse and the Configuration Flash are erased in tandem.
Once the security fuses are reset, the device can be programmed again.
ONE_TIME_PROGRAM
The MachXO2 has One Time Programmable (OTP) fuses that can be used to prevent the on-chip memory from
being erased or programmed. The MachXO2 device has three OTP security fuses, one for each of the following
memory sectors: SRAM, Configuration Flash, and UFM. This preference provides options to set the OTP security
for each memory sector.
MachXO2 Programming and Configuration Usage Guide
Default Setting
<all zero>
OFF
OFF
OFF
8-bit arbitrary
OFF, ON
OFF, ON
OFF, FLASH, FLASH_UFM, FLASH_UFM_SRAM
Using TraceID in MachXO2
36
All Settings
Devices.