• State Resolved
  • Locked Locked
  • Replies 19 replies
  • Answers 2 answers
  • Subscribers 82 subscribers
  • Views 980 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F280025C: after secure the device by DCSM, the program cannot run after repower-on

Yale Li 李耀先
Expert 4660 points
Part Number: TMS320F280025C


Hi Team,

This is my customer's DCSM configurations based on the demo project dcsm_security_tool and related document spracp8a_C2000Tm DCSM Security Tool (Rev. A):

They also allocated the flash sector14, 15 to ZONE1, which means they already allocated the GRABRAM and GRABSECT.

The specific phenomenon is, after populated the password, the simulation by using JTAG works normal. But after repower-on, the program cannot run individually. They have already changed the password to the one they setting in gel file's Setup_DCSM() function.

The customer think that the program stuck in BOOT ROM, cause they blink the LED at the beginning of the program, and it not works.

--

Thanks & Regards

Yale

  • 0
    TI__Expert 4660 points

    +++

    adding information

    The customer said the program can running after secure all sector.

    But cannot when only secure several of the sector.

  • 0 in reply to Yale Li 李耀先
    TI__Expert 5430 points

    Hi,

    Yale Li 李耀先 said:
    The customer said the program can running after secure all sector.

    Based on this comment, I believe that the entire user code is in Flash. Please confirm that the Zone1 is still secured while execution? Any code that is required to make accesses all reside in the same zone due to which the application will be running. 

    Yale Li 李耀先 said:
    But cannot when only secure several of the sector.

    Reason for this could be an access from an unsecure Flash sector trying to read a secure Flash sector (in your case Sector 14/15) which is not allowed due to which the program may not be running. Please check you linker command file to make sure all accesses in your program happens as expected without any security violations. 

    Hope this helps

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    Prodigy 140 points

    thank you Pramod

    Yes, all my programs are in flash, and I used the DCSM_unlockZone1CSM() function to do the zone1 decryption after the main function initialized the PLL, but it still won't run offline after re-powering it up

  • 0 in reply to zhang xiaoming
    TI__Expert 5430 points

    Hi,

    I see a different key being provided to the zone CSMKEY when compared to the PSWD programmed in the SYSCFG snapshot from your earlier post. Please check if that is the rootcause. 

    When you say "all the programs are in Flash" please check if this all in secure Flash area. That is what I meant when I asked you to check your linker command configuration to see if there are no access which could be prevented by security which would make your application break while running standalone. 

    Thanks & Regards

    Pramod 

  • 0 in reply to Pramod P
    Prodigy 140 points

    thank you Pramod

    I'm sorry for misleading you, as I didn't keep a screenshot of the previous password, it caused the password to look different on the two pictures, and I can confirm that the password I entered is fine. All the program is in flash, but only sector 14 and sector 15 are protected, there is a problem with non-secure area code accessing secure area code, so I called the unlock function at the beginning of the program, if I have no problem using the decryption function in the program, I did the decryption at the beginning, and the access to the protected area later should be no problem, but it still doesn't work Offline

    Thanks & Regards

  • 0 in reply to zhang xiaoming
    Prodigy 140 points

    As you say, there is a real problem with accessing protected area code in linked files. I don't understand why I can't complete the unlocking of the protected area when I call the unlock function at the start of the program. Only some sectors are protected and there is code in the linked file that accesses the safe sectors, how can I do the unlocking of the safe area in this case?

    Thanks & Regards

  • +1 in reply to zhang xiaoming
    TI__Expert 5430 points

    Hi,

    Thanks for confirming on the key you have entered. What I see is over here is that you have 2 areas in the code. One is the secure area of code in Flash sectors 14 and 15. The rest of the unsecure code which is in the rest of the Flash/RAM which I believe is unsecure in your security settings. 

    Now, the unsecure portion of the code is allowed to execute the code from the secure portion of the code which is allowed. However, during this execution, read/write from unsecure area of the code to the secure area of the code isn't allowed. Now this could be your application local variables/global variables/Stack etc. any other program initialization code which could be in the unsecure area of the code. Also based on the earlier responses in the post, the code works fine if all the Flash sectors are secure (Please confirm if only Flash sectors are secure or you are securing even the RAM). This definitely gives an indication that somewhere in the code execution, there is a read access(write not possible as the target memory is Flash) from unsecure FLash/RAM to secure area of Flash.

    I would suggest you to modify the linker step by step by bringing one section after another from unsecure area to secure area. That'll give you a way in identifying which portion of the code is actually causing this restricted write. You could then move the respective section as well to the secure area or alternately unlock the zone just before the corresponding write to the secure area happens. 

    Hope this makes sense. 

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    Prodigy 140 points

    thank you Pramod

    Yes, with all FLASH sectors protected (no RAM protected) the program can run offline.
    I unlocked the safe area at the very beginning of the main function, why doesn't it work?

  • 0 in reply to zhang xiaoming
    Prodigy 140 points

    The code I'm currently testing is the boot program, which is mainly stored in sectors 0 to 4, but also allocates the contents of sector 15. I've only protected sectors 14 and 15, so it's non-safe code accessing safe zone code

  • +1 in reply to zhang xiaoming
    TI__Expert 5430 points
    zhang xiaoming said:
    The code I'm currently testing is the boot program, which is mainly stored in sectors 0 to 4, but also allocates the contents of sector 15. I've only protected sectors 14 and 15, so it's non-safe code accessing safe zone code

    I don't think unlocking is even required as long as your unsafe code is just executing a function from safe region. The issue comes up only when the unsafe code is trying to read/write code inside safe area while the Zone is locked. (this is what is breaking your program I think). 

    zhang xiaoming said:
    I unlocked the safe area at the very beginning of the main function, why doesn't it work?

    I don't think it is even reaching main in the first place. There are some compiler related code that'll be executed prior to entering main which is responsible to initialize stack and global variables used in the code. Please try and halt the device upon connecting it to a debugger once out of reset. You can consider unlocking the zone in a GEL file. You should be able to halt at the main code and attempt a step debug to see where the code execution is going for a toss. 

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    Prodigy 140 points

    Thank you for your patience.
    I changed the correct password in the Setup_DCSM function in the GEL file and re-burned it, but it still won't run offline!

  • 0 in reply to zhang xiaoming
    TI__Expert 5430 points

    In the case where the code isn't running, can you confirm if you are able to connect to the target on CCS? If not, please try once by unlocking the ECSL in the code itself. 

    Either ways, please share your DCSM settings and your project with pseudo code. I'll check it out sometime before end of next week and get back on any findings.  

     

    Thanks & Regards

    Pramod

  • 0 in reply to Pramod P
    Prodigy 140 points

    sorry to bother you Pramod

    Another new problem: all my programs are placed in FLASH, previously I encrypted all FLash sectors and the programs could run offline. But after I changed the ZSB and re-encrypted all flash sectors, this time the program doesn't run properly offline. Both encryption operations were done with ZONE1

    Thanks & Regards

  • +1 in reply to zhang xiaoming
    TI__Expert 5430 points

    Hi,

    While changing the ZSB, apart from securing all the Flash sectors to Zone1, what other DCSM settings were modified? Please share your Zone 2 settings that are made as well to see if there are any configurations present which will prevent execution from the Flash locations. Also, please try executing the program by unlocking the Zone1 at the beginning of your application code to see if it works. 

    Note: I am on leave for the rest of the week and will be available for support during the coming week. Please expect a delay in my response. 

    Thanks & Regards

    Pramod 

  • 0 in reply to Pramod P
    Prodigy 140 points

    okay,get it .Have a nice vacation.Pramod

    zone2 maintains the default configuration.I tried putting in the program to start unlocking, but it didn't work.

    The last image is the zone1 header configuration.Looking forward to your response

    Thanks & Regards

  • 0 in reply to zhang xiaoming
    TI__Expert 5430 points

    Hi,

    Could you please confirm if the program is entering main function in the non-working case? (You could put a while loop and keep toggling a GPIO to confirm the same). I believe this could be the source of your issue.

    Also when you say Zone2 maintains default configuration, please ensure that GRAB settings for Zone2 are "10 instead of 11". 

    Please share your full security settings and your pseudo application code (you can remove your actual application and replace it with some dummy routines if needed) so that I have a better visibility on commenting why the application may not run in certain configuration and why it does work in certain configuration. 

    Just curious on way you don't intend to proceed by securing all resources (all Flash sectors in your case). It might as well be secure which would be more desirable.  

    Thanks & Regards

    Pramod 

  • 0 in reply to Pramod P
    Prodigy 140 points

    thank you Pramod

    I tested it using GPIO in the main function and it didn't go to the main function.

    Encrypting some FLASH sectors was a small test I did.
    New problem now: after encrypting all sectors, the program can't run offline


    Supplementary note: the control board is flash boot, by pulling up GPIO24 and GPIO32 in hardware, the boot mode is flash boot, before using DCSM, the control board is powered on, GPIO32 and GPIO24 are both high, after using DCSM to encrypt all flash sectors, 32 is high, 24 is low, may be thus I can't boot from flash, how to solve this problem?
    Here is my DCSM detailed configuration information (all sectors encrypted)

  • +1 in reply to zhang xiaoming
    TI__Expert 5430 points

    Hi,

    Let us take a step back and approach this problem. I would suggest you to follow this sequence to see where the program breaks. 

    1. Run the application without configuring any DCSM settings. (GRAB bits, Zone UNLOCKED). This I believe you are already running and it is working fine. 

    2. Run the application by configuring all the DCSM settings except the passwords. Please leave them to be the CSM default passwords. (reason for this, is that, based on the link pointer, bootROM will automatically unlock the zones in this case since it is the default password. 

    3. Run the application by configuring all DCSM settings including the custom Z1 CSM password, you intend to program, but leave Zone2 default and unlocked. This is where I believe your application fails to run. 

    I am curious on #2 case above to determine whether it is really an issue with DCSM settings. Based on the snapshots, the DCSM configuration loos fine. 

    Thanks & Regards

    Pramod