The BQ34Z100-G1 provides three security modes that control data flash access permissions according to the table below:
FULL ACCESS mode allows the BQ34Z100-G1 to directly transition to BOOTROM mode and also write access keys. UNSEALED mode does not have these abilities.
These security modes help protect the flash memory of the gauge from third parties reading the gauge's configuration memory. This prevents any copying of the gauge or BMS system. The mode information can be found in the Control Status() [SS] bit location. When in SEALED mode, the [SS] bit of Control Status() is set, and when in UNSEALED the [SS] bit is cleared. If full access keys are successfully received, the Flags() [FAS] bit is cleared. If BQstudio is connected to the gauge, ensure that logging and auto refresh are turned off to eliminate interference so that all commands can be received properly. Before sending the commands, ensure that there is a 4-second period of no communication to confirm it is unsealed successfully. The two halves of the key must be sent within 4 seconds of each other and in succession.
Steps to go from SEALED -> UNSEALED:
First verify that the gauge is sealed by verifying [FAS] and [SS] bits are set in the CONTROL_STATUS register. Block write to device address (0x55, 7 bit) -> Write Control() command (0x00) -> low-byte Unseal Key in little endian (0x14, 0x04).
Repeat steps for high-byte Unseal Key.
This operation can be verified if the [FAS] bit is set and the [SS] bit is cleared.
Steps to go from UNSEALED -> FULL ACCESS:
First verify that the gauge is unsealed by verifying [FAS] is set and [SS] bit is cleared in the CONTROL_STATUS register. Repeat the steps for SEALED -> UNSEALED with the Full Access Key.
The low-byte of the Full Access Key:
The high-byte of the Full Access Key:
This operation can be verified if the [FAS] and [SS] bits are cleared.
Steps to SEAL the gauge:
Block write to device address (0x55, 7 bit) -> Write Control() command (0x00) -> Seal command little endian (0x20, 0x00).
This operation can be verified if the [FAS] and [SS] bits are set.
Never set the leading values of the unseal or full access keys to 0x00. The gauge will misinterpret the command and become bricked.
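The key-send sequence above in Python, with the mode checked before and after and a guard for the 0x00 leading-value warning. This is an added example, not code from the original post or from TI. Assumptions: `bus` exposes smbus2-style `write_i2c_block_data` / `read_word_data`, [FAS] and [SS] sit at bits 14 and 13 of CONTROL_STATUS, subcommand 0x0000 selects CONTROL_STATUS, "leading value" means the most significant byte of each key half, and `FakeGauge` is a constructed stand-in for the hardware.

```python
import time

ADDR, CONTROL = 0x55, 0x00     # 7-bit address and Control() command, from the page
FAS, SS = 1 << 14, 1 << 13     # assumed CONTROL_STATUS bit positions; check the datasheet

def security_mode(status):
    """Decode a CONTROL_STATUS word with the page's [FAS]/[SS] rules."""
    fas, ss = bool(status & FAS), bool(status & SS)
    if fas:
        return "SEALED" if ss else "UNSEALED"
    return "INVALID" if ss else "FULL ACCESS"   # SS without FAS is not described

def key_halves(key):
    """Split a 32-bit key into two little-endian byte pairs, low half first."""
    if not 0 <= key <= 0xFFFFFFFF:
        raise ValueError("key must fit in 32 bits")
    halves = [key & 0xFFFF, key >> 16]
    # Assumption: "leading value" means the most significant byte of each half.
    if any(h >> 8 == 0x00 for h in halves):
        raise ValueError("key half with a 0x00 leading byte")
    return [[h & 0xFF, h >> 8] for h in halves]

def read_mode(bus):
    bus.write_i2c_block_data(ADDR, CONTROL, [0x00, 0x00])  # assumed CONTROL_STATUS subcommand
    return security_mode(bus.read_word_data(ADDR, CONTROL))

def send_key(bus, key, before, after, quiet_s=4.0):
    """Send both key halves in succession; verify the mode before and after."""
    halves = key_halves(key)          # reject a bad key before touching the bus
    if read_mode(bus) != before:
        raise RuntimeError(f"gauge is not {before}")
    time.sleep(quiet_s)               # quiet period before the key
    for half in halves:               # no other traffic between the halves
        bus.write_i2c_block_data(ADDR, CONTROL, half)
    return read_mode(bus) == after

class FakeGauge:
    """Constructed stand-in: starts SEALED, unseals when both halves arrive in order."""
    def __init__(self, key):
        self.want, self.got, self.status = key_halves(key), [], FAS | SS
    def write_i2c_block_data(self, addr, cmd, data):
        if data != [0x00, 0x00]:
            self.got = (self.got + [data])[-2:]
        if self.got == self.want:
            self.status = FAS         # [SS] cleared, [FAS] still set
    def read_word_data(self, addr, cmd):
        return self.status
```

For UNSEALED -> FULL ACCESS, call `send_key` with the Full Access Key, `before="UNSEALED"` and `after="FULL ACCESS"`; run `key_halves` over any new key before programming it into the gauge.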