• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 30 subscribers
  • Views 184 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MSPM0G3519: Security-related questions

Francois Charlot
Mastermind 28137 points
Part Number: MSPM0G3519

Tool/software:

Hello,

We found some errors and inaccuracies in some documents during a customer review:

  • MSPM0 MCUs Development Guide SLAAED1E, section 7.5 Set SWD Password mentions the SWDPW registers in NONMAIN. Actually, these registers look to be named PWDDEBUGLOCK. Please confirm.
  • MSPM0G TRM SLAU846B, section 1.6.2 covering the BOOTCFG0 field of the M0Gx51x MCUs looks incomplete compared to section 1.5.2 covering the M0Gx50x MCUs. Please confirm that the settings of the BOOTCFG0 register are identical for both the M0Gx50x and M0Gx51x MCUs.

We also want confirmation that the following setting are sufficient for the mass production setting for which customer want Security Level 2 as defined in section 1.4.2.1 Serial Wire Debug Related Policies and locking NONMAIN through static write protection as noted at the end of section 1.4.2.1.3 SWD Security Level 2:

  • BOOTCFG0.SWDP_MODE and BOOTCFG0.DEBUGACCESS are both set to disabled (both set to 5566h).
  • BOOTCFG2.SWPNONMAIN is set to disabled (any value other than AABBh).
  • Is there anything missing?

Thank you.


Best regards,
François.

  • +1
    TI__Mastermind 18377 points
    Francois Charlot said:
    MSPM0 MCUs Development Guide SLAAED1E

    This is a common question summary guide, may not so accuracy enough, please let customer refer to TRM firstly.

    Francois Charlot said:
    MSPM0 MCUs Development Guide SLAAED1E, section 7.5 Set SWD Password mentions the SWDPW registers in NONMAIN. Actually, these registers look to be named PWDDEBUGLOCK. Please confirm.

    Yes, name is different, it's 1.6.12 DEBUGLOCKPWDDIGEST[y] in G3519.

    Francois Charlot said:
    MSPM0G TRM SLAU846B, section 1.6.2 covering the BOOTCFG0 field of the M0Gx51x MCUs looks incomplete compared to section 1.5.2 covering the M0Gx50x MCUs. Please confirm that the settings of the BOOTCFG0 register are identical for both the M0Gx50x and M0Gx51x MCUs.

    1.5.2's content of SWDP_MODE is correct.

    1.5.2's content of DEBUGACCESS, only AABBh and CCDDh is avaliable (this difference will be update in next TRM update.)

    FLASH_ERR_02 in Errata.

    Here is the full description of DEBUGACCESS:

    Default: AABBh
The debug access policy for accessing the AHB-AP, ET-AP, and
PWR-AP debug access ports. Note that if SWDP_MODE is set to
DISABLED, the value of this field is ignored and the debug port will
remain fully locked.
CCDDh = Access to AHB-AP, ET-AP, and PWR-AP via SWD is only
enabled when the correct password is provided via the DSSM before
BCR execution. (CCDDh and all other values NOT 0xAABB).
AABBh = Access to AHB-AP, ET-AP, and PWR-AP via SWD is
enabled.

    Both G3507 and G3519 can follow this description.

    Francois Charlot said:
    Is there anything missing?

    There still BSL mode can be used to access M0, customer need to disable BSL mode in nonmain.

  • 0 in reply to Helic Chi
    TI__Mastermind 28137 points

    Hello Helic,

    Thank you for the quick response.

    Helic Chi said:
    FLASH_ERR_02 in Errata.

    The erratum says "Debug disable in NONMAIN can be re-enable using default password", but I saw nowhere the mention of a default password. Is it documented somewhere?


    Best regards,
    François.

  • +1 in reply to Francois Charlot
    TI__Mastermind 18377 points

    Customer still can disbale SWD by set BOOTCFG0.SWDP_MODE = 5566h.

    This register has higher priority than DEBUGACCESS bit.

  • +1 in reply to Helic Chi
    TI__Mastermind 28137 points

    Hello Helic,

    Thank you. This closes this discussion.

    For the reader's sake as we discussed some details outside of e2e: the default password referred to above is not documented as such since on M0G351x, this password is not stored in clear in NONMAIN memory, but rather its SHA2 digest is stored. So by "default password", we meant here "a password which SHA2 digest corresponds to the reset value of DEBUGLOCKPWDDIGEST".


    Best regards,
    François.