ProASIC3 Flash Family FPGAs
2-48 Advanced v0.2
shipped to an untrusted programming or manufacturing
center for final personalization with an AES encrypted
bitstream. Late stage product changes or personalization
can be implemented easily and securely by simply
sending a STAPL file with AES encrypted data. Secure
remote field updates over public networks (such as the
Internet) are possible by sending and programming a
STAPL file with AES encrypted data.
128-Bit AES Decryption⁷
The 128-bit AES standard (FIPS-192) block cipher is the
NIST (National Institute of Standards and Technology)
replacement for the DES (Data Encryption Standard
FIPS46-2). AES has been designed to protect sensitive
government information well into the 21st century. It
will replace the aging DES, which NIST adopted in 1977
as a Federal Information Processing Standard used by
federal agencies to protect sensitive, unclassified
information. The 128-bit AES standard has 3.4 × 10^38
possible 128-bit key variants, and it has been estimated
that it would take 1,000 trillion years to crack 128-bit
AES cipher text using exhaustive techniques. Keys are
stored (securely) in ProASIC3 devices in nonvolatile Flash
memory. All programming files sent to the device can be
authenticated by the part prior to programming to
ensure that bad programming data, which could damage
the part, is not loaded. All programming
verification is performed on-chip, ensuring that the
contents of ProASIC3 devices remain secure.
AES decryption can also be used on the 1,024-bit FROM
to allow for secure remote updates of the FROM
contents. This allows for easy, secure support for
subscription model products. See the application note,
ProASIC3/E Security, for more details.
ISP
ProASIC3 devices support IEEE1532 ISP via JTAG and
require a single VPUMP voltage of 3.3 V during
programming. In addition, programming via a
Microcontroller (MCU) in a target system can be
achieved. See the application note In-System
Programming (ISP) in ProASIC3/E Using FlashPro3 for
more details.
JTAG 1532
Programming
ProASIC3 devices support the JTAG-based IEEE1532
standard for ISP. As part of this support, when a ProASIC3
device is in an unprogrammed state, all user I/O pins are
disabled. This is achieved by keeping the global IO_EN
signal deactivated, which also has the effect of disabling
the input buffers. Consequently, the SAMPLE instruction
will have no effect while the ProASIC3 device is in this
unprogrammed state. This is different behavior from
that observed in the ProASICPLUS device family. This lack
of effect is necessitated by the fact that SAMPLE is
defined in the IEEE1532 specification as a noninvasive
instruction. If the input buffers were to be enabled by
SAMPLE temporarily turning on the I/Os, then it would
not truly be a noninvasive instruction, hence the lack of
effect when the ProASIC3 device is in this
unprogrammed state. Refer to the standard or the In-
System Programming (ISP) in ProASIC3/E Using FlashPro3
application note for more details.
Boundary Scan
ProASIC3 devices are compatible with IEEE Standard
1149.1, which defines a hardware architecture and the
set of mechanisms for boundary-scan testing. The basic
ProASIC3 boundary-scan logic circuit is composed of the
TAP (test access port) controller, test data registers, and
instruction register (Figure 2-38 on page 2-49). This
circuit supports all mandatory IEEE 1149.1 instructions
(EXTEST, SAMPLE/PRELOAD, and BYPASS) and the
optional IDCODE instruction (Table 2-22 on page 2-49).
Each test section is accessed through the TAP, which has
five associated pins: TCK (test clock input), TDI, and TDO
(test data input and output), TMS (test mode selector),
and TRST (test reset input). TMS, TDI, and TRST are
equipped with pull-up resistors to ensure proper
operation when no input data is supplied to them. These
pins are dedicated for boundary-scan test usage. Actel
recommends that a nominal 20 kΩ pull-up resistor be
added to TDO and TCK pins. The TAP controller is a 4-bit
state machine (16 states) that operates as shown in
Figure 2-38 on page 2-49. The 1s and 0s represent the
values that must be present at TMS at a rising edge of
TCK for the given state transition to occur. IR and DR
indicate that the instruction register or the data register
is operating in that state.
ProASIC3 devices have to be programmed at least once
for complete boundary-scan functionality to be
available. If boundary-scan functionality is required prior
to partial programming, refer to online technical support
on the Actel website and search for ProASIC3 BSDL.
The TAP controller receives two control inputs (TMS and
TCK) and generates control and clock signals for the rest
of the test logic architecture. On power-up, the TAP
controller enters the Test-Logic-Reset state. To guarantee
a reset of the controller from any of the possible states,
TMS must remain high for five TCK cycles. The TRST pin
7. The A3P030 device does not support AES decryption.