Table of Contents
Advertisement
www.ti.com
PMF executed with
correct password?
No
No
Yes
The CSM password for each zone is stored in their respective dedicated flash sectors. These locations
store the CSM password pre-determined by the system designer.
If the password locations of a zone have all 128 bits as ones, the zone is unsecure. Since new flash
devices have erased flash (all ones), only a read of the password locations is required to bring any zone
into unsecure mode. If the password locations of a zone have all 128 bits as zeros, the zone is secure,
regardless of the contents of the CSMKEY registers. The user should not use all zeros as a password or
reset the device during an erase of the flash. Resetting the device during an erase routine can result in
either an all zero or unknown password. If a device is reset when the password locations are all zeros, the
device cannot be unlocked by the password match flow described in
of all zeros will seriously limit user's ability to debug secure code or re-program the flash.
NOTE: If a device is reset while the password locations of a zone are all zeros or an unknown value,
that zone will be permanently locked unless a method to run the flash erase routine from
secure SARAM is embedded into the flash or OTP. Care must be taken when implementing
this procedure to avoid introducing a security hole.
1.10.1.1 Emulation Code Security Logic (ECSL)
In addition to the CSM, the emulation code security logic (ECSL) has been implemented using a 64-bit
password for each zone to prevent unauthorized users from stepping through secure code. Any code or
data access to on-chip secure memories while the debug probe is connected will trip the ECSL and break
the emulation connection. Like the CSM password, these passwords are also stored in flash memory and
the value of password is predetermined by the system designer. To allow emulation of secure code, while
maintaining the CSM protection against secure memory reads, the user must write the correct password
into the ECSLKEY registers, which matches the password value stored in the flash. This will disable the
ECSL. Also, if the value at the ECSL password locations in flash are all ones (unprogrammed), then ECSL
gets disabled after ECSL password locations are read, irrespective of the values in ECSLKEY registers.
Unlocking of the CSM also unlocks ECSL irrespective of the values in the ECSLKEY registers.
When initially debugging a device with the password locations in flash programmed (that is, secured), the
debug probe takes some time to take control of the CPU. During this time, the CPU will start running and
may execute an instruction that performs an access to a protected ECSL area. If this happens, the ECSL
will trip and cause the debug probe to be disconnected.
Two solutions to this problem exist:
1. The first is to use the Wait-In-Reset emulation mode, which will hold the device in reset until the debug
probe takes control. The debug probe must support this mode for this option.
2. The second option is to use the "branch to check boot mode" boot option. In this mode, the core will be
in a loop and continuously poll the boot mode select pins. You can select this boot mode and then exit
this mode once the debug probe is connected by re-mapping the PC to another address or by
changing the boot mode selection pin to the desired boot mode.
NOTE: Access to the secure memory from the debuuger does not trip the debug probe. These
accesses are just blocked and return '0'.
SPRUH22I – April 2012 – Revised November 2019
Submit Documentation Feedback
Table 1-28. Security Levels
Operating Mode of the
Program Fetch
Zone
Secure
Outside secure memory Only instruction fetches by the CPU are allowed to
Secure
Inside secure memory
Non-Secure
Copyright © 2012–2019, Texas Instruments Incorporated
Location
secure memory. In other words, code can still be
executed, but not read.
CPU has full access. The JTAG port cannot read
the secured memory contents.
Anywhere
Full access for the CPU and JTAG port to secure
memory of that zone.
Section
Code Security Module (CSM)
Security Description
1.10.3.2. Using a password
System Control and Interrupts
145
Advertisement
Chapters
Table of Contents
