Various programmable logic devices (PLDs), such as field programmable gate arrays (FPGAs) or complex programmable logic devices (CPLDs), may be programmed with configuration data to provide various user-defined features. In certain PLDs, configuration data may be programmed into a non-volatile memory, such as a flash memory, for non-volatile storage of the configuration data that can be transferred to the volatile configuration memory to configure the PLDs.
In the course of implementing a PLD, a developer may repeatedly configure the PLD with different versions of configuration data to test the PLD for suitable operation. However, after a final version of the configuration data is determined and programmed into the non-volatile memory, the developer may wish to secure the configuration data by limiting the ability of others (for example, end users) to subsequently alter the contents of the non-volatile memory.
One approach to securing the configuration data includes the use of a single one-time-programmable (OTP) security fuse implemented as a single flash memory cell. When programmed, the single security fuse may prevent alteration of the configuration data in the non-volatile memory of the PLD. Unfortunately, this approach can cause unintended problems for developers.
For example, if a developer inadvertently programs the single security fuse before a final version of configuration data has been programmed into the non-volatile memory, then the PLD may be rendered permanently inoperable. Such accidental programming may occur, for example, as a result of a power interruption during a pre-programming operation performed on the non-volatile memory.
As another example, if the manufacturing process causes the initial “virgin” state of the single security fuse to correspond to a programmed state, the PLD may be rendered similarly inoperable. Furthermore, because the single security fuse cannot be programmed without also disabling the ability to program the non-volatile memory, it may not be possible for developers to test the single security fuse to determine its operation following manufacture.
In order to address such shortcomings of the single security fuse, developers may provide the PLD with additional circuitry and/or override features, such as a particular mode of operation authorized by a manufacturer's code or control string. Nevertheless, such provisions can create loopholes that may potentially be exploited by third parties to defeat the single security fuse.
Accordingly, there is a need for an improved approach to PLD configuration data security that, for example, reduces the likelihood of inadvertently disabling the ability to program configuration data and provides developers with reasonable opportunities to test such security features.