This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F280039C: DCSM with an all-zero password to permanently lock a zone

Part Number: TMS320F280039C

Dear Champs,

I am asking this for our customer.

In 5.2.1 CSM Passwords of TRM, it says,

"If the password locations of a zone have all 128 bits as zeros (ALL_0), that zone becomes permanently secure (LOCKED state), regardless of the contents of the CSMKEYx registers which means the zone cannot be unlocked using PMF, the password match flow described in Section 5.7.4. Therefore, the user should never use ALL_0 as password. A password of ALL_0 will prevent debug of secure code or reprogramming the Flash sectors. CSMKEYx registers are user-accessible registers that are used to unsecure the zones."

Now, in a special case, the user prefers to use ALL_0 password to permanently lock part of flash.

Questions:

1. If the user only uses Zone1 with ALL_0 password to lock bank0 permanently and other parts (bank1/bank2) are non-secure, they can still connect JTAG to program bank1/bank2 and can also update firmware on bank1/bank2. Is it right?

2. After the user programs OTP to use Zone 1 with ALL_0 password to lock bank0 permanently, there is NO WAY to program OTP again to change other parts (part of bank1/bank2) from non-secure to secure by Zone1 to avoid any code modification in bank0 from the other parts. Is it right?

3. If they only use bank0, can we accept failure analysis for other part of flash (bank1/bank2) if they waive anything wrong related to bank0?

  • Hi Wayne,

    1) Yes this is correct. However if the customer is using JTAGLOCK, they will be unable to view or change their JTAG passwords after permanently locking the zone, so they should test the JTAG unlock feature before permanently locking the zone if they wish to use JTAGLOCK.

    2) Once the zone is permanently locked, all USER OTP for zone 1 will become inaccessible and unchangeable, so zone 1 will not be able to secure any new memories.

    3) I'm  not sure I understand this question. What do you mean by "can we accept failure analysis"? Could you provide an example of the situation you're referring to?

    Thank you,

    Luke

  • Dear Luke,

    3) For failure analysis (customer return), we know it may not be accepted if the user cannot provide the right DCSM password for TI internal to unlock. In the above case, bank0 is locked permanently but bank1/bank2 are not secure. The user wonders if failure analysis can still be accepted/processed as long as  bank0 is ignored?

    That is, the user may still request failure analysis except for anything related to bank0.

  • Hey Wayne,

    I'm awaiting a response from our failure analysis expert whether this is possible, I'll provide you an update by tomorrow.

    Thank you,

    Luke

  • Hi Wayne,

    This conversation has moved to email but I'll leave this thread open incase you have any additional questions.

    Thank you,

    Luke