• State Resolved
  • Locked Locked
  • Replies 7 replies
  • Subscribers 82 subscribers
  • Views 771 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

TMS320F28388D: OTP programming

TMS320F28388D: CSM Password

CH
Prodigy 140 points

Part Number: TMS320F28388D
Other Parts Discussed in Thread: SYSCONFIG

Hello,

How can the CSM password be programmed with CCS? As shown below, why is the address 0x5f01x?

What does the 4 buttons mean? And how to use them?

I have already programmed the JTAG lock password, but in the code i am able to read the JTAG lock OTP registers.

If the CSM password is programmed, do i still have the read access to the OTP register? Or only with CSM password correctly provided, i am able to read the OTP register?

Thanks.

  • 0
    TI__Mastermind 28580 points

    Hello Chao,

    The addresses 0x5f01x corresponds with the addresses of the CSMKEY registers. The On-Chip flash tool writes to these registers to unlock the zone.

    I'll explain the 4 buttons:

    • "Program": Programs the passwords entered in the 4 fields to the CSMPSWD fields in user OTP. The zone select block where these passwords will be programmed depends on the value in the LINKPOINTER field
    • "Lock": Locks the zone if the passwords entered in the 4 fields matches the passwords in the active zone select block
    • "Unlock": Unlocks the zone if the passwords entered in the 4 fields matches the passwords in the active zone select block
    • "ECSL Unlock": Disables ECSL Tripping. When ECSL is locked, any breakpoint in secure code will disconnect the JTAG from the device. If CSMPSWD0 and CSMPSWD1 in the On-Chip flash tool match the passwords programmed in user OTP, ECSL tripping will be disabled and the user will be able to set breakpoints in secure code, however the zone will still be secure and data reads to secure resources via JTAG/memory browser will still return 0

    When a DCSM zone is locked, all User OTP locations become secure, so if you've programmed CSM passwords, you must unlock the zone first before reading Z1OTP_JLM_ENABLE

  • 0 in reply to Luke Jones
    Prodigy 140 points

    Hello Jones,

    so it means:

    1. "Program" can be used to write the password into OTP.

    2. in the software i have to write the code to do the Password matching flow with CSM password to unlock the Zone, so i will be able to read the OTP registers.

    Q: is it correct?

    Q: if i have both JTAG password programmed and CSM password programmed, when unlocking the JTAG port, what should be the unlocking sequence?

    do i have to unlock the Zone with CSM password first, then do JTAG  unlock? or i dont need to unlock the Zone with CSM password?

    The exact case what i have is i have the JTAG lock feature implemented(JTAG lock is enabled and JTAG password is programmed into the OTP), but i find out the OTP register however is still readable, regardless if the JTAG is locked or unlocked. I can use a piece of code in the software to read the JTAG password register and then i have the password, it is not secure.

    After reading some parts in the reference manual, i think CSM password is used to make the OTP registers no more readable, thats why i am asking.

    Q: what i have also read is there is Password Lock, will it protect the OTP JTAG password register from being read? Or it protects only CSM password in OTP from being read? Finally, what do i have to do if i would like to protect the JTAG password OTP registers from being read?

    Thanks.

  • 0 in reply to CH
    TI__Mastermind 28580 points

    1. Yes this is correct

    2. You don't need to unlock the zone in your software, this can be accomplished through the CCS On-Chip Flash tool via JTAG

    Q: To unlock the JTAG, open your target configuration/ccxml file, click Advanced -> JLM, and enter your JTAG passwords. Then you should be able to connect to the target as you would normally.

    Unlocking the CSM passwords is not necessary to unlock JTAG, however you must lock the zone using the CSM password to prevent the JTAG password from being viewable by your software.

    Password lock makes it so that the CSM passwords are secure when the zone is locked. Without password lock enabled, the CSM passwords can be read in the OTP. You MUST enable password lock in your end application to protect your passwords. All other DCSM settings such as the JTAG password are secure whenever the zone is locked.

  • 0 in reply to Luke Jones
    Prodigy 140 points

    I did the following:

    1. I programmed the CSM password, the target can be connected, but when i try to flash the target, it reports error, unfortunately i dont have any more the error message. in order to perform the flashIng, i have to type in the CSM password and click the "Unlock" button, then i am able to do the flash. But every time click the unlock is not what we want.

    2. then i was checking the Z1_GRABSECT1R (Zone 1 Grab Flash Status Register 1), as i see from the register content view every byte is 11, i tried to programm it to 10. i only use CPU 1. So the content in Z1_GRABSECT1R is now 0AAAAAAA(i dont know what is the default value, i tried to programm FAAAAAAA, it does not work). 

    after step 2, i can connect to target and then perform the flashing without CSM passowrd unlock. But the programm does not run, so i am trying to programm the Z1_GRABRAM1 and Z1_GRABRAM2(Zone 1 Grab RAM Status Register 1/2). then error occurs as below.

    What should be the correct value?

  • 0 in reply to CH
    TI__Mastermind 28580 points

    Hello Chao,

    This error usually means the location in flash you are programming has bits that were already programmed to a 0, however you are trying to program these bits to a 1, which is not allowed in USER OTP. Can you unlock the zone using your CSM passwords and view the values currently programmed between 0x78000 and 0x78040? This will confirm whether you are attempting to program any bits from a 0 to a 1.

    Thank you,

    Luke

  • 0 in reply to Luke Jones
    Prodigy 140 points

    Hello,

    as shown in the picture, i think i have put the correct value in.

  • +1 in reply to CH
    TI__Mastermind 28580 points

    Hi Chao,

    It looks like GRABRAM2 and GRABRAM3 have already been programmed. By default they should be all Fs. Once any 64 bit block in USER_OTP has been programmed, all bits in that block are permanently programmed. The only exception to this rule is the linkpointer and JLM_ENABLE. For GRABRAM2 and GRABRAM3, you won't be able to program them to a new value.

    However you can still update these settings by updating the linkpointer to use next zone select block. Aka if you program the linkpointer to 3FFE, you can reprogram all of the grabram and grabsect fields. I would recommend using SysConfig to do this as it automatically checks whether the CSM passwords you attempt to program are valid or not. If you don't wish to program your .out file using Sysconfig, you can check the default passwords for the next zone select block and make sure none of the bits in the passwords you are attempting to program contain '1's where a bit in user OTP is already programmed to '0'.

    The default passwords are listed in the "Default Value of ZxOTP" table in the TRM.

    Let me know if you have any further questions.

    Thank you,

    Luke