This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC1312R7: Unable to reliably use FlashProtectionSave

Part Number: CC1312R7

We want to lock the top half of our flash contains some NMV RO config information, the bootloader and CCFG. Everything from 0x0009 C000 to 0x000B 0000.

I am using FlashProtectionSet() to first set the FLASH_WRITE_PROTECT (read it back with FlashProtectionGet()) and then FlashProtectionSave() to save it to CCFG. The FlashProtectionSet and FlashProtectionGet both seem to work, after Setting, the Getting shows its locked. Obviously it does not persist over a reset.

However, I then pass the same offset to FlashProtectionSave and sometimes it returns successful and sometimes error. The CCFG reflects the returned value. 


Sector 0x4e (0x0009c000) is RO
Sector 0x4e (0x0009c000) save success
Sector 0x4f (0x0009e000) is RO
Sector 0x4f (0x0009e000) save success
Sector 0x50 (0x000a0000) is RO
Sector 0x50 (0x000a0000) save success
Sector 0x51 (0x000a2000) is RO
Sector 0x51 (0x000a2000) save success
Sector 0x52 (0x000a4000) is RO
Sector 0x52 (0x000a4000) save fail
Sector 0x53 (0x000a6000) is RO
Sector 0x53 (0x000a6000) save fail
Sector 0x54 (0x000a8000) is RO
Sector 0x54 (0x000a8000) save fail
Sector 0x55 (0x000aa000) is RO
Sector 0x55 (0x000aa000) save success
Sector 0x56 (0x000ac000) is RO
Sector 0x56 (0x000ac000) save success
Sector 0x57 (0x000ae000) is RO
Sector 0x57 (0x000ae000) save fail
Sector 0x58 (0x000b0000) is RW
Sector 0x58 (0x000b0000) save success

I also have tried disabling the HWI and it is using the ROM functions in driverlib so I cannot walk through the code easily. Trying to the ROM debug define was unsuccessful and the program did not boot. 

Code  below:
// lock the RO NVS up to and including CCFG
// 0x9C000 - 0xB2000
for (sector = (MEM_NVS_RO_START / FlashSectorSizeGet()); sector < sectorCount; sector++)
{
    uint32_t offset = sector * FlashSectorSizeGet();
    FlashProtectionSet(offset, FLASH_WRI TE_PROTECT);

    Hwi_disable();
    cmd_printf("\tSector 0x%02x (0x%08x) is %s\n", sector, offset,
        (FlashProtectionGet(offset) == FLASH_WRITE_PROTECT) ? "RO" : "RW");
    uint32_t result = FlashProtectionSave(offset);
    cmd_printf("\tSector 0x%02x (0x%08x) save %s (%u)\n", sector, offset,
        (result == FAPI_STATUS_SUCCESS) ? "success" : "fail", result);
    Hwi_enable();
}
cmd_printf("Bootloader and NVM RO locked\n");

Side question, to lock the CCFG memory I need to lock Sector 0x58, (0xB0000 - 0xB2000) correct? That is the sector above the end of the flash. Or do I need to lock the last available sector possible, which is sector 127 in CCFG? Should I just try to lock all sectors from 0x4e to 0xff even if they are not valid flash locations? 

  • Hi Lucas,

    In general we don't recommend using driverlib (Flash.h).

    An alternative approach could be to define this flash section as an NVS region. Then use the NVS_lock API.

    https://dev.ti.com/tirex/explore/content/simplelink_cc13xx_cc26xx_sdk_7_10_02_23/docs/drivers/doxygen/html/_n_v_s_8h.html

    Cheers,

    Marie H

  • Hi Marie,

     The NVS Lock API is  not persistent over resets. In addition it prevents both reads and writes and I would like to allow reading. Any other ideas?

  • As a follow up, I can use the NOROM_ versions of FlashProtectionGet/FlashProtectionSet/FlashProtectionSave and they work more reliably, but I am still unable to lock sectors 0x57 (0x000ae000) and 0x58 (0x000b0000), sector 0x58 being my understanding as to where CCFG is stored. 

  • Hi Lucas,

    CCFG is located in the last flash page (0x000ae000 to 0x000b0000). 

    In general we don't recommend using driverlib APIs such as Flash.h directly, so I'm not sure how far I can help you. 

    I am also not sure why you want to lock flash. In general we have CCFG options for locking the debug interface (to protect your device from tampering in the field). But the operation you are trying to do would lock flash at runtime so you're just protecting it from your own application.

    Cheers,

    Marie H

  • Hi Marie,

    I'm following the Secure Boot document (https://www.ti.com/lit/an/swra651/swra651.pdf) As per section 2.2, "it is recommended to enable write protection of the flash page containing the CCFG along with the chip-erase disable configuration in order to protect the integrity of the customer configurations."

    This will prevent unauthorized code getting loaded and run on the end device. It will also lock the bootoader, its start vector and validation keys onto the device and prevent any tampering. Locking the the NVS area is nice, but can be implemented at an application level.

    I'm not against using a different API, but do want to modify the CCFG Write Protections registers.

    Lucas