Unsecuring the CSM?

I am using a TMS320F2809 and recently ran out of RAM memory for debugging purposes.  I reallocated memory in my .cmd file to utilize L1 SARAM.  While running my program I noticed it was not running as expected.  I have done some research and found out code running in non-secure memory cannot access data in secure memory.


So I have been trying to unsecure the CSM protected memory.  I have a Blackhawk USB510L emulator and go to Debug mode in CCS 5.2.1, open a Memory Browser and go to location 0x3F7FF8 in Data space.  The problem is I am reading all zeros?? From the documentation and the posts I have read, all that is needed to unsecure the memory are dummy reads of the memory locations 0x3F7FF8 to 0x3F7FFF.  I have tried to refresh the Memory Browser and that has had no effect.

Are the data locations 0x3F7FF8 - 0x3F7FFF also considered part of the Secure Zone and as such I can only read-back zeros?

I have multiple hardware units and have tried this on two so far and they both return zeros.  I have been writing and debugging code in RAM and haven't tried to program the FLASH yet so I am not sure how this has happened?

Thanks

Elmer

  • Elmer,

    The CSM passwords are held at 0x3F7FF8 - 0x3F7FFF in Flash memory. On a fresh device, the entire Flash should be erased (all 0xFFFF). However, the first time you read these locations the CSM is locked, so you will receive 0x0000 back. This dummy read triggers the CSM. If the Flash at these locations is erased (all 0xFFFF) the CSM should automatically unlock. If the Flash at these locations is programmed to a known value, then to unlock the CSM after performing the dummy read, write that known value to addresses 0x0AE0 - 0x0AE7. Once you write the matching password (and have performed a dummy read of the Flash password locations) the CSM should unlock. The one exception is if the Flash password locations do truly contain all zeros. This will permanently lock the device. There are four ways you can tell if the device is unlocked:

    1) Performing an additional read of the Flash password locations should yield a value other than all 0x0000,
    2) Reading secure memory (Flash or secure RAM) should yield a value other than all 0x0000 (assuming the data isn't 0x0000; if the CSM is still secure or if the data really is zero then you will see 0x0000 when you read secure locations),
    3) On an unlocked device you should be able to modify the L0 or L1 RAM, or,
    4) Read bit 0 of address 0x0AEF (if a one, the CSM is still locked; zero equals unlocked).

    If you find that the CSM is still locked and you don't know the password (or the password doesn't seem to work), unfortunately there is no way to unlock the device. You have to get another device.

    If you believe that the device was permanently locked when it was shipped to you, you can return it to TI through the RMR process for Failure Analysis.

    Regards,
    Dave Foley
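
The unlock rules described in the reply above, written as a small host-side C model (an added example, not part of the original thread and not TI code). The `csm_t` type and the `csm_*` function names are hypothetical, and the 0xFFFF reset value of the KEY registers is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PWL_WORDS 8 /* password words 0x3F7FF8-0x3F7FFF, KEY regs 0x0AE0-0x0AE7 */

/* Host-side model of the CSM rules in the reply above (constructed, not TI code). */
typedef struct {
    uint16_t pwl[PWL_WORDS]; /* password words held in flash */
    uint16_t key[PWL_WORDS]; /* KEY registers */
    uint8_t  read_mask;      /* which password words have been dummy-read */
    bool     secure;         /* models bit 0 of 0x0AEF: true = locked */
} csm_t;

static bool pwl_all(const csm_t *c, uint16_t v) {
    for (int i = 0; i < PWL_WORDS; i++)
        if (c->pwl[i] != v) return false;
    return true;
}

/* Unlock only after a full dummy read, with matching keys, never for all-zero passwords. */
static void csm_evaluate(csm_t *c) {
    if (c->read_mask == 0xFF && !pwl_all(c, 0x0000) &&
        memcmp(c->key, c->pwl, sizeof c->pwl) == 0)
        c->secure = false;
}

void csm_reset(csm_t *c, const uint16_t pwl[PWL_WORDS]) {
    memcpy(c->pwl, pwl, sizeof c->pwl);
    memset(c->key, 0xFF, sizeof c->key); /* assumption: KEY registers reset to 0xFFFF */
    c->read_mask = 0;
    c->secure = true;
}

uint16_t csm_read_pwl(csm_t *c, int i) {
    uint16_t seen = c->secure ? 0x0000 : c->pwl[i]; /* locked reads return zeros */
    c->read_mask |= (uint8_t)(1u << i);
    csm_evaluate(c);
    return seen;
}

void csm_write_key(csm_t *c, int i, uint16_t v) { c->key[i] = v; csm_evaluate(c); }

/* Full procedure: dummy read, then optional key write; returns true if unlocked. */
bool csm_unlock(csm_t *c, const uint16_t *password) {
    for (int i = 0; i < PWL_WORDS; i++) (void)csm_read_pwl(c, i);
    for (int i = 0; password && i < PWL_WORDS; i++) csm_write_key(c, i, password[i]);
    return !c->secure;
}
```

In this model an erased device unlocks on the dummy read alone, a programmed device needs the matching key write, and an all-zero password block never unlocks.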

     

  • Dave,


    Thanks.  I had already performed the steps you outlined above.  This is the 2nd device (2 of 2) which is showing this issue.  I haven't tried to program the flash yet, so I am confused as to what is happening.

    My hardware design is such that the boot mode is Boot to Flash - could this be the issue?  I am powering up the hardware and then starting CCS and going to the Debug perspective and connecting to the target.

    Thanks

    Elmer

  • Elmer,

    This device has a "Wait-In-Reset" function built into the JTAG block. This is not standard JTAG, but an adder done to allow you to connect an emulator without running your code. I believe if you power up the device with EMU0 as 0 and EMU1 as 1, you will halt any code execution after reset. Then you can connect your emulator/CCS connection and perform debug. Some emulators have support for this built in, so if you set it up you can leave the emulator connected as you power up and the emulator will take care of the EMU signalling for you. Try looking into this. This will at least keep a fresh device from ever running any code, although I would not have expected running from an erased Flash to cause an issue with the Flash password locations, so I am a little leery that this will solve your issue.  Other than that I'm afraid I don't have an answer for you. 

    Regards,
    Dave Foley

     

  • David,

    I finally resolved the issue I was having with the CSM. I was reviewing my schematic and noticed I do not have any power being applied to the 3.3V Flash Core Power Pin.  I had a jumper wire added to attach the pin to 3.3VDC and wouldn't you know it I can now unlock the CSM.

    Thanks for your help.


    Elmer

  • Glad to help, Elmer. And thanks for posting the resolution.

    Regards,
    Dave Foley

     

  • Hi Elmer,
    Hi David,

    I'm also facing the same issue with my board: the CSM is filled with 0's and I'm not able to load code.
    @Elmer, you posted that you solved the issue, but it's not clear to me.

    I request you to please explain in detail:
    1. Which pin number did you take as the Flash Core Power Pin?
    2. After connecting the jumper, what procedures do we need to follow?
    3. How can I come to know the CSM is unlocked?

    Thank you
    Basavanagouda

  • Basavanagouda,

    When I entered the schematic for my design I didn't connect pin 96 (VDFL33) to 3.3V.  So the Flash memory didn't have any power.  I cut and pasted how David said to test the CSM to make sure the memory isn't locked, see below in blue.

    Elmer

    There are four ways you can tell if the device is unlocked:

    1) Performing an additional read of the Flash password locations should yield a value other than all 0x0000,
    2) Reading secure memory (Flash or secure RAM) should yield a value other than all 0x0000 (assuming the data isn't 0x0000; if the CSM is still secure or if the data really is zero then you will see 0x0000 when you read secure locations),
    3) On an unlocked device you should be able to modify the L0 or L1 RAM, or,
    4) Read bit 0 of address 0x0AEF (if a one, the CSM is still locked; zero equals unlocked).