Author: YongQ_16 Version: **
Question: I am using BP bits to protect code stored in SPI flash from being modified unintentionally or by a malicious actor. How can I make it hardware-protected?
Answer: The non-volatile Status Register Write Disable (SRWD) bit in combination with the Write Protect (WP#) signal can provide hardware protection to the BP bits protected flash area.
The Block Protect bits (Status Register bits BP2, BP1, BP0) in combination with the Configuration Register TBPROT bit can be used
to protect an address range of the main flash array from program and erase operations. The size of the range is determined by the value of the BP bits, and the upper or lower starting point of the range is selected by the TBPROT bit of the configuration register.
When WP# is driven LOW (VIL), and the SRWD bit is set to a ‘1’, it is not possible to write to the Status Register and Configuration Registers. This prevents any alteration of the BP bits (BP2, BP1, BP0) and TBPROT bit. As a consequence, all the data bytes in the memory area that are protected by the BP and TBPROT bits are also hardware-protected against data modification if WP# is LOW during a WRR command.
The SRWD bit default is 0. It can be set to ‘1’ before or after WP# is pulled LOW. Two use cases are as follows:
- Pre-program the flash on programmer: After code is programmed into the flash, configure BP and TBPROT bits to protect the memory area. Set SRWD bit to ‘1’, and then mount the flash on the PCB with the WP# signal grounded.
- Program the flash in-circuit: Mount the flash on the PCB with WP# signal grounded. Program code into the flash. Configure BP and TBPROT bits to protect the memory area, and then set SRWD bit to ‘1’.
The WP# function is not available when the Quad mode is enabled (CR=1). The WP# function is replaced by IO2 for input and
output during Quad mode. Thus, this hardware protection approach does not work when Quad mode is enabled.
The SRWD bit + WP# signal hardware protection is a legacy approach. Cypress FL-S and FS-S flash families also provide Advanced Sector Protection (ASP) scheme for flash memory protection that can be used to lockdown the code area.