Device Security of PSoC® 4 - KBA87495

Version: *A

 

Question:

Describe the device security features of PSoC® 4.

 

Answer:

PSoC 4 supports four protection modes: BOOT, OPEN, PROTECTED, and KILL. Each mode determines which capabilities are available, through the debug access port (DAP), for CPU software and debug. Here is a brief description of each mode.

 

  • BOOT: The device comes out of reset in this mode. It stays there until its protection state is copied from the supervisor flash to the protection control register (CPUSS_PROTECTION). Until this happens, the debug-access port is stalled. BOOT is a transitory mode that is required to set the part to its configured protection state.
  • OPEN: This is the factory default mode. Flash can be programmed and user-mode access for CPU and debugger features is supported. Privileged mode access restrictions are enforced.
  • PROTECTED: You may change the mode from OPEN to PROTECTED. Doing so disables all debug access to user code or memory. Only access to user registers remains available, so debug access cannot be used to reprogram flash. You can reset the mode to OPEN, but only after you completely erase the flash.
  • KILL: You may change the mode from OPEN to KILL. Doing so removes all debug access to user code or memory, and the flash cannot be erased. Only access to user registers remains available, so debug access cannot be used to reprogram flash. Note that the part cannot be taken out of KILL mode; devices in KILL mode may not be returned for failure analysis.

 

In addition, each row (128 bytes) in flash can be set as ‘full protected’ or ‘unprotected’, as shown in the following screenshot. A row set to ‘full protected’ cannot be erased or programmed; the only exception is a total erase, which also returns the row to unprotected. For details, refer to the PSoC® Creator™ System Reference Guide.

[Screenshot: flash row protection settings]
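The mode and row-protection rules above can be written as a small executable model, useful for checking a production programming sequence before committing a part to PROTECTED or KILL. This is an added example, not Cypress code: BOOT is left out because it is transitory, and the type and function names, the 8-row flash size, and the assumption that rows are marked protected while the device is OPEN are all hypothetical.

```c
#include <stdbool.h>
#include <string.h>
#define ROW_SIZE 128u /* bytes per flash row, as stated in the article */
#define NUM_ROWS 8u   /* constructed: a tiny flash array for the model */

typedef enum { MODE_OPEN, MODE_PROTECTED, MODE_KILL } prot_mode_t;

typedef struct {
    prot_mode_t mode;
    bool row_protected[NUM_ROWS]; /* true = 'full protected' */
    bool erased;                  /* true right after a total erase */
} psoc_model_t;

/* Factory state: OPEN, all rows unprotected, flash blank. */
void model_init(psoc_model_t *d) {
    memset(d, 0, sizeof *d);      /* MODE_OPEN is 0, rows unprotected */
    d->erased = true;
}

/* Debugger write to the row containing addr: needs OPEN and an unprotected row. */
bool dbg_program_row(psoc_model_t *d, unsigned addr) {
    unsigned row = addr / ROW_SIZE;
    if (d->mode != MODE_OPEN || row >= NUM_ROWS || d->row_protected[row])
        return false;
    d->erased = false;
    return true;
}

/* Mark a row 'full protected' (assumed here to be done while OPEN). */
bool protect_row(psoc_model_t *d, unsigned row) {
    if (d->mode != MODE_OPEN || row >= NUM_ROWS) return false;
    d->row_protected[row] = true;
    return true;
}

/* Total erase: refused in KILL; otherwise clears data and row protection. */
bool total_erase(psoc_model_t *d) {
    if (d->mode == MODE_KILL) return false;
    memset(d->row_protected, 0, sizeof d->row_protected);
    d->erased = true;
    return true;
}

/* Mode change: OPEN->PROTECTED, OPEN->KILL, PROTECTED->OPEN only when erased. */
bool set_mode(psoc_model_t *d, prot_mode_t to) {
    bool ok = (d->mode == MODE_OPEN && to != MODE_OPEN) ||
              (d->mode == MODE_PROTECTED && to == MODE_OPEN && d->erased);
    if (ok) d->mode = to;
    return ok;
}
```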