3 Replies Latest reply on Jul 29, 2019 6:19 AM by DheerajK_81

    flash read protection



      I am working with CY8CPROTO-063-BLE on ModusToolbox 1.1.

      How do I prevent external reads of the flash (using a debugger) after the chip is programmed, to prevent the hex from being read and reused?





        • 1. Re: flash read protection

          Hello Ali,


          You will need to create a secure system to prevent access. Please refer to this application note for the theory behind how this works in PSoC6: https://www.cypress.com/file/447981/download .


          The simplest way would be to use the PPCOM Command line interface. You can find the guide at this path: "C:\Program Files (x86)\Cypress\Programmer\Documents"


          Make use of the PSoC6_WriteProtection API to transition to the secure stage. More about this here: Re: PSoC6 Programmer COM API PSoC6_WriteProtection()


          You can specify the secure access restrictions based on the level of security you need and then switch the device from Normal to Secure lifecycle stage for the changes to take effect. You can look at the EFuse registers EFUSE_DATA_SECURE_ACCESS_RESTRICT1 where you can specify how much of the flash is accessible through the debug access port.


          Have a look at Page#653 in the Register TRM: https://www.cypress.com/file/421406/download


          To understand more about EFuse please refer to page#112 in the Architecture TRM: https://www.cypress.com/file/385621/download





          • 2. Re: flash read protection

            Hi Dheeraj,

            Thanks for the response.

            I have been trying to change the lifecycle to secure with debug but I am having some issues which I addressed in the following discussion


            I just want to make sure that we are on the same page.

            Is it safe to ignore all the steps in the step-by-step summary on page#29 in the Creating a Secure System document, except for changing the lifecycle?

            In other words, will only changing the lifecycle work without all the remaining steps?




            • 3. Re: flash read protection

              No, you cannot ignore the steps, because the root of trust involves a boot sequence that requires a secure image and a user application to be programmed with a valid TOC2 and public key.


              TOC2 is used to point to the location of the first and second executable applications. If you haven't followed the steps and have directly changed the lifecycle stage, you might fail validation and end up in a dead state.


              Hence, it is always recommended to see if your application is properly functioning in NORMAL or SECURE w/ DEBUG modes before making the transition to SECURE mode.