Dear Champs,
I am asking this for our customer.
In 5.2.1 CSM Passwords of the TRM, it says:
"If the password locations of a zone have all 128 bits as zeros (ALL_0), that zone becomes permanently secure (LOCKED state), regardless of the contents of the CSMKEYx registers which means the zone cannot be unlocked using PMF, the password match flow described in Section 5.7.4. Therefore, the user should never use ALL_0 as password. A password of ALL_0 will prevent debug of secure code or reprogramming the Flash sectors. CSMKEYx registers are user-accessible registers that are used to unsecure the zones."
Now, in a special case, the user prefers to use ALL_0 password to permanently lock part of flash.
Questions:
1. If the user only uses Zone1 with ALL_0 password to lock bank0 permanently and other parts (bank1/bank2) are non-secure, they can still connect JTAG to program bank1/bank2 and can also update firmware on bank1/bank2. Is it right?
2. After the user programs OTP to use Zone 1 with ALL_0 password to lock bank0 permanently, there is NO WAY to program OTP again to change other parts (part of bank1/bank2) from non-secure to secure by Zone1 to avoid any code modification in bank0 from the other parts. Is it right?
3. If they only use bank0, can we accept failure analysis for the other parts of flash (bank1/bank2) if they waive anything wrong related to bank0?