Reversible DAP lock using EFUSE_DATA_SECURE_ACCESS_RESTRICT0

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
user_4814686
Level 1
Level 1
5 sign-ins First reply posted First question asked

Hello,

Once the lifecycle stage is set to SECURE, is it possible to go from a DAP lock state to a DAP unlock state using the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register?

If not, is there any way to unlock the DAP once it has been locked in any given lifecycle stage?

Thank you,

Xavier

0 Likes
1 Solution

Hello Xavier,

Answers inline.

When in Secure w/ Debug Lifecycle mode, will the DAP access be enabled even if the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register is set to disable the DAP access?

Yes, that's right. In Secure w/ Debug mode, the normal access restrictions will apply. EFUSE_DATA_SECURE_ACCESS_RESTRICT0 will only come into effect if you transition to Secure mode from Normal mode. It does not have a role to play in Secure w/ Debug mode.

Is it possible to lock/unlock the DAP in Normal Lifecycle mode? If so, could you advise on the procedure to follow?

Yes, it is. Please refer to the following thread: Is it possible to prevent user to trace through SWD/JTAG?

Regards,
Dheeraj

View solution in original post

0 Likes
3 Replies
DheerajK_81
Moderator
Moderator
Moderator
First comment on KBA First comment on blog 5 questions asked

Hello Xavier,

No, this is not possible. Blowing the EFuse is an irreversible process. So, based on the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register setting, it is going to blow the EFuses accordingly when the lifecycle is changed to SECURE and you can't go back to a lower protection setting.

Hence, during development, it is recommended to test your designs using NORMAL and Secure w/ Debug Lifecycle modes. Secure w/ Debug allows DAP access.

For more information refer:

PSoC6 Architecture TRM

PSoC6 Register TRM

Hope this answers your query

Regards,

Dheeraj

0 Likes

Hi Dheeraj,

Thank you for your reply!

First follow-up question:

When in Secure w/ Debug Lifecycle mode, will the DAP access be enabled even if the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register is set to disable the DAP access?

Second follow-up question:

Is it possible to lock/unlock the DAP in Normal Lifecycle mode? If so, could you advise on the procedure to follow?

From the DAP Security section of the PSoC 6 programming manual: "The second bit, CPUSS_DP_CTL.xxx_DISABLE, can be set during boot, before the debugger can connect, based on eFuse settings for SECURE or DEAD life-cycle stage or based on NAR settings in Supervisory flash for NORMAL life-cycle."

Thank you very much,

Xavier

0 Likes

Hello Xavier,

Answers inline.

When in Secure w/ Debug Lifecycle mode, will the DAP access be enabled even if the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register is set to disable the DAP access?

Yes, that's right. In Secure w/ Debug mode, the normal access restrictions will apply. EFUSE_DATA_SECURE_ACCESS_RESTRICT0 will only come into effect if you transition to Secure mode from Normal mode. It does not have a role to play in Secure w/ Debug mode.

Is it possible to lock/unlock the DAP in Normal Lifecycle mode? If so, could you advise on the procedure to follow?

Yes, it is. Please refer to the following thread: Is it possible to prevent user to trace through SWD/JTAG?

Regards,
Dheeraj

0 Likes