Is it possible to lock debug port (SWD) without locking sflash?

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
AnCi_2234676
Level 4
Level 4
10 replies posted 5 replies posted 10 questions asked

I want to store some configuration in the sflash and lock the debug port using the efuse. I have read that if the debug port is locked, writing to the sflash is no longer possible.

In my use case, some of that config stored in the sflash might need to change. Is there a way to lock the debug port (SWD) and still be able to write to the sflash ? Is there a way to lock only parts of the sflash?

Thanks

0 Likes
1 Solution

Hi AnCi_2234676​,

After the transition from Normal to Secure mode, all the blocks in the SFlash, including the Public Key area and the TOC2, are validated with another hash value referred to as the Secure_HASH. It is also stored in eFuse and cannot be changed without detection. The entire SFlash block is validated with the Secure_HASH each time the device wakes from reset in the Secure mode. If an error is found while validating the SFlash, the device will no longer complete the boot sequence and enter a Dead state.

Hope this helps,

Thanks and regards,

Rakshith M B

Thanks and Regards,
Rakshith M B

View solution in original post

0 Likes
3 Replies
Rakshith
Moderator
Moderator
Moderator
250 likes received 1000 replies posted 750 replies posted

Hi AnCi_2234676​,

I have read that if the debug port is locked, writing to the sflash is no longer possible.

That is correct. If you disable the Debug Access Port then you will be blocking any access to the device. So, you will not be able to modify the SFlash contents.

Thanks and Regards,

Rakshith M B

Thanks and Regards,
Rakshith M B
0 Likes

To be clear, what I am asking is: Is it still possible to write to the sflash from the firmware after locking the debug port. I guess so, but I just want to make sure.

0 Likes

Hi AnCi_2234676​,

After the transition from Normal to Secure mode, all the blocks in the SFlash, including the Public Key area and the TOC2, are validated with another hash value referred to as the Secure_HASH. It is also stored in eFuse and cannot be changed without detection. The entire SFlash block is validated with the Secure_HASH each time the device wakes from reset in the Secure mode. If an error is found while validating the SFlash, the device will no longer complete the boot sequence and enter a Dead state.

Hope this helps,

Thanks and regards,

Rakshith M B

Thanks and Regards,
Rakshith M B
0 Likes