Flash Read Protection for Bootloader and Bootloadable Code in PSoC® 4

Version: **

 

Question:

How do I protect my bootloader and bootloadable code in PSoC 4 devices from unauthorized reads, while still being able to do bootloading?

 

Answer:

PSoC 4 devices have a chip-level “Protected” mode that disables debug mode as well as access to flash. (Test mode access to registers is still allowed.) For details, see a PSoC 4 architecture technical reference manual (TRM). To enable chip-level protection in PSoC Creator bootloader and bootloadable projects, do the following:

 

  1. In both the bootloader and bootloadable projects, in the .cydwr file, System window, set the Chip Protection option to Protected, as Figure 1 shows:

    Figure 1. Chip Protection Setting in Project .cydwr File

     


  2. After building the projects, do NOT use the PSoC Creator programming option. PSoC Creator does not put the chip in protected mode because this disables debugging. Instead, open PSoC Programmer.
  3. Before programming the bootloader .hex file to the target, select menu item Options > Programmer Options. In the options dialog, select Chip Lock Enable, as Figure 2 shows. Click OK to close the dialog.

    Figure 2. PSoC Programmer Set Chip Lock Enable in Programmer Options

     


  4. When you start programming the device, a warning dialog is displayed, as Figure 3 shows. Click OK to continue programming.

    Figure 3. PSoC Programmer Chip Lock Warning

     


     

    After programming is complete, the PSoC Programmer log states that the chip is protected, as Figure 4 shows:

     

    Figure 4. PSoC Programmer Chip Protect Log Entry

     


  5. Now, in sequence, click the Read, Verify and Checksum buttons. Figure 5 shows that the read and verify operations cannot be done. The checksum operation works because flash bytes are not being read out. Instead, the flash bytes are summed within the device and only the checksum is reported.

    Figure 5. PSoC Programmer Read, Verify, and Checksum Log Entries

     


  6. Now use the Bootloader Host program to download the bootloadable project to the target. Figure 6 shows that the program and verify operations can be done. The verify operation works because flash bytes are not being read out. Instead, data is sent to the bootloader with a command to compare that data against a designated flash row number. The bootloader simply reports compare success or failure.

    Figure 6. Bootloader Host Program and Verify Log Entries

     


     

    Finally, note that neither the PSoC 4 SROM code nor the Bootloader Component API has any way to report the values of any flash bytes. Once the Chip Lock bit is set and programmed into the device, your code is protected from unauthorized reads.

     

    To bring the chip from Protected to Open mode, you must reprogram it. This erases the flash, thereby preserving the security of the code in flash. There are several ways to bring the chip from Protected to Open mode:

 

  • Reprogram the chip using PSoC Creator, with the DWR option set to either Open or Protected.
  • Reprogram the chip using PSoC Programmer, with the Chip Lock option set to Disable. Again, the DWR option can be set to either Open or Protected.
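
The status-only interface that steps 5 and 6 describe can be modeled in a few lines of C. This is an added example, not Cypress bootloader code or code from this article; the function names, status codes, row size and the small flash array are all assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ROW_SIZE 128u /* assumed row size for this model */
#define NUM_ROWS 4u   /* constructed, tiny flash for the demo */

/* Hypothetical status codes: the only thing a command ever returns. */
enum bl_status { BL_OK = 0, BL_ERR_ROW = 1, BL_ERR_LEN = 2, BL_ERR_VERIFY = 3 };

static uint8_t flash[NUM_ROWS][ROW_SIZE]; /* stands in for on-chip flash */

/* Program one full row with host-supplied data. */
enum bl_status bl_program_row(uint32_t row, const uint8_t *data, size_t len)
{
    if (row >= NUM_ROWS) return BL_ERR_ROW;
    if (len != ROW_SIZE) return BL_ERR_LEN;
    memcpy(flash[row], data, ROW_SIZE);
    return BL_OK;
}

/* Verify by compare: the host sends the expected row contents and gets
 * back pass/fail. A full row is required, and every byte is compared
 * before the single result is formed. No flash byte is returned. */
enum bl_status bl_verify_row(uint32_t row, const uint8_t *data, size_t len)
{
    uint8_t diff = 0;
    if (row >= NUM_ROWS) return BL_ERR_ROW;
    if (len != ROW_SIZE) return BL_ERR_LEN;
    for (size_t i = 0; i < ROW_SIZE; i++)
        diff |= (uint8_t)(flash[row][i] ^ data[i]);
    return diff ? BL_ERR_VERIFY : BL_OK;
}

/* Checksum: bytes are summed on the device; only the total is reported. */
uint32_t bl_checksum(void)
{
    uint32_t sum = 0;
    for (size_t r = 0; r < NUM_ROWS; r++)
        for (size_t i = 0; i < ROW_SIZE; i++)
            sum += flash[r][i];
    return sum;
}
```

The command set deliberately has no read-row function: a host that already holds the image can confirm it was written, but nothing in the interface returns flash contents.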

 

For more information on bootloading with PSoC, see AN78354, PSoC Introduction to Bootloaders.