• State Resolved
  • Locked Locked
  • Replies 5 replies
  • Subscribers 54 subscribers
  • Views 1017 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CPU accidentally locked F28M36P63C2

Andreas Unterberger
Expert 1140 points

Other Parts Discussed in Thread: F28M36P63C2, UNIFLASH

Hi,

I'm just developing on the Concerto F28M36P63C2 and when I recently added some files to the test project it generated a section called .init_array the bad thing is that the linker placed it on address 0x200000 this is where the CSM_ECSL_Z1 password or so should be set or not set.

can you please help me how I can unlock the CPU now? I also don't know what values were placed there, but I could read some values via CCS UniFlash. So it seems to be that this is standing there:

c2 00 01 00 e2 41 e0 56 46 00 84 00 00 00 00 00 00 00 0f 01 97 00 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 00 84 00 46 00 00 00 00 00   

please help!

  • 0
    Expert 1140 points
    if I read .coff format file my hex editor says this was read:
    C2000100294CE156C60000000000000000000F0197002E6461746100000000002000000020008000000046000000000000000000000000000000000000000000000000000000B1762000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    if I read .bin format file my hex editor says this was read:
    B1762000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    neither of the following values works as key corresponding to UNIflash
    0x002076B1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF
    0xB1762000 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF
    0x000100C2 0x56E14C29 0x000000C6 0x00000000
    0xC2000100 0x294CE156 0xC6000000 0x00000000

    why is there a difference what Uniflash reads in the different formats? why is the .bin format data also seen in the coff format data but a bit later in the datastream?
    but most important where do I get the key value from when these methods do not work?

    please respond
  • 0 in reply to Andreas Unterberger
    TI__Genius 13145 points
    Andreas,

    Do you have CCS installed as well? If so, can you try using CCS to view the memory at 0x200000 using the Memory view. This should make it easier to see what you have in memory.

    Also, do you still have the program (.out) file that you loaded on your target? If you can send it to me, I can take a look at what was written to the password locations.

    Thanks,
    Ricky
  • 0 in reply to Ricky Lau
    Expert 1140 points

    Hi Ricky,

    thanks for the reply. It's good to know that also CCS can be used to find out what was written there. I already solved the problem, the correct data what was stored there was stated in the .bin format and also in the CCS as you told me now.

    After that put the password in the textboxes of Uniflash and hit >Program Password< after it finished hit >Unlock<

    It's not very intuitive that you have to program the password first to unlock, mainly the password was already programmed before.

    Andreas

  • 0 in reply to Andreas Unterberger
    Expert 1140 points
    by the way if the program UniFlash already knows the storage place of the password (0x200000-0x20000F) it could simply read the data from there and write it to the key registers for unlocking the CPU, just by pressing the unlock button.

    Why is it so complicated?

    (I mean I learned from it, but it cost me all in all a few days to find out what is the problem where is the password and how to unlock again, on TI side it would have been just another design of the tool and would not have cost any more time!)

    if I should recommend the TI processors for use in the next project or company this complicated behaviour of the TI tools and also the sample code examples would be a huge drawback!
  • 0 in reply to Andreas Unterberger
    TI__Genius 13145 points
    Andreas,

    Glad to hear that you were able to unlock your device and continue with development. I'm sorry this issue cost you a few days to resolved.

    I'm not sure why you needed to program the password first before you were able to unlock it. If you wrote to the password locations in the program you loaded already, it should have programmed the password.

    As for automatically reading the password from memory, thanks for providing the feedback. I will need to review this with the C2000 team to see if it makes sense to implement this or not.

    Thanks,
    Ricky