I am looking for a secure bootloader on the F28377D and would like you to confirm my understanding of the device as a prelude to further questions. Please can you confirm each of the following statements:
-
It is not possible to disable the JTAG port on the F28377D. One can only go as far as securing the securable memories against JTAG accesses. This leaves unsecure memories and peripherals accessible over JTAG.
-
Unsecuring a secure zone by performing the password match flow also unsecures the memory for JTAG accesses as well as CPU accesses.
-
It is possible via CCS to connect to a core without tripping the ECSL (we have achieved this by attaching to a core running from secure memory with rude mode enabled) therefore it is possible to access unsecure memory and peripherals even if the core is running from secure memory.
-
The FLASH library is not stored in ROM.
-
The FLASH controller will not allow erasures of a Zone 2 block by code running from an unsecured memory.
-
The FLASH controller will not allow erasures of a Zone 2 block by code running from a Zone 1 memory.
-
Is it not possible to permanently lock a FLASH block directly, i.e. make it impossible to erase a FLASH block even if commanded to from the correct secure zone.
The reason I am interested in these aspects of the device is based around having a bootloader in FLASH that can upgrade the application, is protected against accidental erasure at the hardware level, and securing the chip such that our IP is protected against an attacker accessing the device through the JTAG port. Your response will inform my further design work.
Regards, Bernd
