• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Subscribers 82 subscribers
  • Views 1996 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320F28374S: DCSM for dummies

PavelM
Intellectual 405 points
Part Number: TMS320F28374S


Hi,

Is there a short step-by-step guide for enabling DCSM security on 2837x?

I know it's documented in the TRM, but I'd like to just be able to secure the chip without studying documentation and bricking boards...

I don't want to become a DCSM expert - I just want to follow TI's best practices on this :)

Here is what I'd like to accomplish:

(1) JTAG is disabled

(2) Flash and RAM are secured

(3) There is no backdoor into the system without knowing the 128-bit password.

Which registers in OTP do I need to program?

With DCSM enabled, does anything change in the way Flash API operates - does my firmware application (running from secured flash/RAM) need to un-secure flash sectors prior to erasing/writing?

Thank you!

-Pavel

  • 0
    Intellectual 405 points
    I was able to program the CSM password, and then unlock the chip (using Wait boot mode).

    Once it's unlocked, I can re-flash the chip using JTAG.

    However, I am unable to step through the code. When I run the code, it ends up in WaitMode() in boot ROM. If I change program counter to jump into flash, the JTAG gets disconnected.

    What is the procedure for unlocking DCSM and stepping through the code, once CSM passwords have been programmed?
  • 0 in reply to PavelM
    TI__Guru** 115881 points

    Hi Pavel,

    Sorry for late reply. To secure the device you need to program the passwords as well as GRABRAM and GRABSECT locations for Zone1. Once programmed, you should be able to connect to device using WaitBoot and then unlock the device and step through the code. Before stepping through the code you need to unlock the device again else JTAG will get disconnected. So after re-flash, please unlock the device and then step through the code. If you want to step through the code while device is secure then you need to UNLOCK the ECSL by providing lower 64bit password. This will allow you to step through the code but you'll not be able to see any secure content.

    Regards,

    Vivek Singh

  • 0 in reply to Vivek Singh
    Intellectual 405 points
    Thanks, Vivek. I am able to step through secure code now - it's the second Unlock operation that I wasn't doing.
  • 0 in reply to Vivek Singh
    Intellectual 405 points
    Vivek,

    One more issue: I am unable to write flash from my code when Zone is secured. Everything works when DCSM is un-secured.

    I use Zone 1 for all flash sectors and RAM blocks. I also try to set FLSEM register, but it doesn't take the value for Zone 1. Before changing FLSEM, DCSM common registers have the following values:

    FLSEM=x00000000
    SECTSTAT=x15555555
    RAMSTAT=xD0005555

    and Zone 1 is Secured:

    Z1_CR=x0040
    Z2_CR=x0070

    Then my code does this:

    DcsmCommonRegs.FLSEM.all = 0xA501;

    and immediately I print FLSEM to console:
    FLSEM=x00000000

    The function that writes FLSEM is in LS4 RAM, and this block belongs to Zone 1 - so FLSEM should take the new value?

    Any ideas?

    Thank you!


    -Pavel
  • 0 in reply to PavelM
    Intellectual 405 points
    I changed my code to issue EALLOW before writing FLSEM, and then it worked (FLSEM register took value 1).

    So it looks like FLSEM register is EALLOW protected? The latest TRM says it's not...
  • 0 in reply to PavelM
    TI__Guru** 115881 points

    Hi,

    Thank you for the feedback. This is will be fixed in next document release.

    Vivek Singh