- Ask a related questionWhat is a related question?A related question is a question created from another question. When the related question is created, it will be automatically linked to the original question.
Original question:
How to set the Code Security Module (CSM) password for production code for TMS320F28069 Piccolo ?
Tool/software: Code Composer Studio
Hi,
I am currently facing issues when trying to establish a password protection. Once I achieved to insert password properly for unlock the device, it worked, but after a blackout, the system was not longer recoverable:
My setup is the following:
- microcontroller: TMS320F28035
- debugger: XDS100 V3 REV B2
- ccs: v8.1.0.00011
- TI Uniflash: v5.0.0.2289
After reading carefully TMS320x2803x_ref_manual, and checking several threads like this one, I proceeded to create a couple of .asm files which contains:
- password protection (with no all '0's) within the PWL positions (0x3F7FF8 to 0x3F7FFF).
- 0x3F7F80 to 0x3F7FF5 addresses set to “0x0000” value in order to avoid program memory within that particular section.
password.asm file has the following code:
***************************************************
.sect "csmpasswds"
.int 0xFFFF ;PWL0 (LSW of 128-bit password)
.int 0xFFFF ;PWL1
.int 0xFFFF ;PWL2
.int 0xFFFF ;PWL3
.int 0xFFFF ;PWL4
.int 0xFFFF ;PWL5
.int 0xFFFF ;PWL6
.int 0xFFFF ;PWL7 (MSW of 128-bit password)
***************************************************
(I put values different from 0xFFFF but not all 0s)
and password_prep.asm contains the following code:
***************************************************
.sect "csm_rsvd"
.loop (3F7FF5h - 3F7F80h + 1)
.int 0x0000
.endloop
***************************************************
Both csmpasswds and csm_rsvd variables were properly linked and mapped with desired addresses:
Hence, I compiled and obtained .out file with the password protection.
After that, I connected JTAG debugger and open UniFlash tool to load corresponding image. When I browse to Memory section, if I try to check 0x3F7FF7-0x3F7FFF addresses, I could read all '0's, which means the device is in 'secure mode' (locked), which is good.
Hence, I browse to Settings & Utilities , and wrote the password that I programmed within password.asm file within the addresses 0xAE0 to 0xAE7 (key0 to key7). When I pressed Unlock button, it appeared a message in the bottom console stating that Unlock operation was successful. In order to check it, I read again 0x3F7FF7-0x3F7FFF addresses, I obtained all 'F's, which means the device is in 'unsecure mode' (unlocked). This behaviour was the expected one.
However, if I perform a blackout, and I power on the microcontoller back, I was unable to establish communication through UniFlash tool. I could not read any memory section:
I could not insert again the password for unlocking since, JTAG debugger connection is not longer successful:
Are there some errors in the steps we perform?
How could we recover the binary file or be able to load a new binary into the microcontroller?
Thanks in advance.
Guillermo
Dear Hareesh J,
Thank you very much for your reply. I carefully read the case you provided me in above comment (https://e2e.ti.com/support/microcontrollers/c2000/f/171/t/821593). According to this, it is required to modify linker command file in order to download bootloader code into RAM unsecure for unlocking the device, and after this, to perform disered action such as FW update with the pretend Flash. I am currently using microcontroller TMS320F28035, and I have found the following information regarding memory map for this specific target:
Based on this chart, M0 or M1 are the only unsecured memory blocks available, since there is no L4-L8 memory spaces avaialble for this purpose. Is my understanding correct?
Thank you very much.
Guillermo
