• State
  • Locked Locked
  • Replies 4 replies
  • Subscribers 83 subscribers
  • Views 2970 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Programming a password into the F28335

Florian DELAUNAY
Prodigy 90 points

Other Parts Discussed in Thread: UNIFLASH

Hello everyone,

I have to secure my F28335 DSP against any intrusion in order to protect the binary code. I read the guides sprufb0d.pdf and spra958l.pdf but I still have some points that I'd like to clarify before programming a password.

I use Code Composer Studio 5.5 and a SEED XDS560 V2 USB emulator (from Spectrum Digital). My code runs from Flash and the DSP always boots in "Branch to flash" mode, which branches to the entry point of my program.

Below is my list of doubts that I'd like to elucidate with you.

1. [DSP Unlocking] 

How to unlock the DSP with CCS 5.5 ? Many information exist for older versions of CCS, but I found no menu to set the Flash programming data (such as the password) in the CCS 5.5 environment. 

2. [Secured DSP Debugging]

Our development phase is not fully completed and we'll need to do some debugging (breakpoints, variable inspections). Is it possible with a secured device ? 
The documentation sprufb0d.pdf is ambiguous to me about that:
- section 4.1 page 23: "If code is currently running from inside secure memory, only an access through JTAG is blocked (i.e., through the emulator)") 
=> What does it mean ? 

- section 4.1 page 25: "When initially debugging a device with the password locations in flash programmed (i.e., secured), the emulator takes some time to take control of the CPU. During this time, the CPU will start running and may execute an instruction that performs an access to a protected ECSL area. If this happens, the ECSL will trip and cause the emulator connection to be cut."
=> It's written in the documentation that the Wait-in-Reset emulation mode can be used in order to bypass this problem. How to set the Wait-in-Reset emulation mode in CCS 5.5 so that Debug sessions will work correctly with a secured device ?

 

3. [Properly locking the DSP]

In spra958l.pdf page 21, it's written that the addresses 0x33FF80 to 0x33FFF5 shall be fed with 0x0000's before writing a password to "lock the DSP properly". Does Code Composer Studio 5.5 or any external Flashing tool (SD Flash, Uniflash) manage this requirement ? or is it to be considered by the programmer ?

Thank you very much for your answers.

  • 0
    TI__Mastermind 32995 points

    Hi Florian,

    1) To lock the device, you can use DSP2833x_CSMPasswords.asm to program your passwords and secure your device.  The passwords are linked to a section which is mapped to the appropriate memory addresses by the linker command file.  In order to unlock your device, see Figure 12.  You need to read 0x33FFF8-0x33FFFF.  After performing these dummy reads, you need to write the correct passwords to 0x0AE0 - 0x0AE7.  If the passwords match, the device will unlock.

    2)  You cannot debug secure memory.  You cannot connect CCS through JTAG to the device while it running from secure memory.  The text that you posted means that code running from secure memory can read write and execute to secure memory.  However, you cannot access the code via JTAG.  you cannot read or write from unsecure memory including a JTAG connection.

    If you connect via the JTAG emulator to the device and reset the device and it boots to secure Flash, then the emulator will get disconnected.  Wait in Reset, allows you to connect to the device before it jumps to your secure application.  You can do some debugging this way.  You cannot debug secure memory while your device is secure.  This would defeat the purpose of securing your device.

    3)  I believe that these flash programming tools meet this requirement.  If you are unlocking your device by executing code by the CPU, you will need to include this in your application.

    sal

  • 0 in reply to Sal Pezzino
    Prodigy 90 points

    Thank you for your answer, things are clearer for me.

    I successfully locked my device and I'd like to unlock it from the PC (without assembly code) through Uniflash or Code Composer Studio 5.5 and my SEED XDS560v2 USB emulator.

    The DSP boot pins are set so that after reset the DSP jumps to Flash. However:

    - I'm unable to Unlock the DSP with Uniflash (by setting the correct password of course).

    - I'm unable to flash a new program with Code Composer Studio (by setting the correct password too, in the target configuration menu).

    I think that as the DSP is secured and running secured code, it rejects the JTAG connexion. To bypass the problem, I need to enable the "Wait-in-Reset" emulation mode as explained in sprufb0d.pdf p25, but I hopelessly find no information on how to configure it in Uniflash and / or CCS 5.5.

    Concerning CCS 5.5, many posts on TI forums for CCSv5 (not 5.5) say that it can be enabled by going to "target connection information" and select "advanced setup" but I can't find such a menu in CCS 5.5 to drive the EMU0 and EMU1 pins !
    I also tried to check the box "Reset the target on a connect" in the target configuration menu with no success.

    Concerning Uniflash (which is poorly documented), is there a way to enable the wait-in-reset mode through it so that I can unlock the DSP successfully with the Unlock button ?

    Thank you for your help

  • 0 in reply to Florian DELAUNAY
    Guru 192875 points

    You need to configure your boot pins to Wait mode to Unlock the controller.

    1. Go to Wait mode

    2. Reset your controller

    3. Use the Unlock option in Uniflash


    Let us know by doing so.

    Regards,
    Gautam

  • 0 in reply to Gautam Iyer
    Prodigy 90 points

    Hello Gautam,

    Your method works fine, I'm able to unlock the DSP (on a Demo board).

    However the final board design is completed and I'm unable to toggle the boot load pins on my system. I can only plug a JTAG emulator, so that's why I'm focusing on a more software-oriented solution.
    I think initiating an emulator session in Wait-in-reset mode could do the job, but I'm not totally sure of that and I find no information about how to set this mode in CCS5.5 / Uniflash

    I'm still listening to any other software-oriented solution if some of you have some suggestions.