General Flash Protection questions

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
WaMa_286156
Level 5
Level 5
First comment on blog 100 replies posted 50 replies posted

 I've read AN2015, and several forum posts, and I have some questions left over.

   

 Flash protection is 3 levels.  0= unprotected.  1=external reads disabled. 2= external read/write disabled. 3= external read/all writes disabled.  Levels 0,1,2 allow the cpu  to write internal flash (to allow, for example, emulated eprom)

   

  I've read on forums that even with level 3, you can erase the chip, and also have read that with level 3, you cannot erase the chip.

   

  There is a psoc4 document (KBA87495) that indicates there are other protection modes.  Maybe only for PSoC 4.

   

  So, my question is, based on the readers experiences:

   

1) Is level 1 enough protection to prevent people from seeing my code?

   

2) If I program level 3, is my processor forever bricked if something is wrong?  (With Kill on PSoC4, that appears to be true)

   

3) At what level does debugging stop working, or since it comes through the SWD port, does debugging *always* work?

   

 

   

thanks!

0 Likes
3 Replies
WaMa_286156
Level 5
Level 5
First comment on blog 100 replies posted 50 replies posted

  I apologize for the large text. I copied/pasted and did not realize the text would show like that.  I can't edit it, as the first post in a new topic cannot be edited.

0 Likes
Bob_Marlowe
Level 10
Level 10
First like given 50 questions asked 10 questions asked

There is a Write-Once-Latch (WOL) that, when programmed with the correct key, inhibits any further programming and erasing of the chip, prevents from debugging and read-out of flash by a programmer. See PSoC5LP programming specs pg. 83

   

The flash security options are described best imho in creator help. enter "flash security" into help search field.

   

 

   

Bob

0 Likes
WaMa_286156
Level 5
Level 5
First comment on blog 100 replies posted 50 replies posted

Thanks Bob!  That makes sense. It set me on a witch hunt, with the proper search terms in hand.

   

  In addition to that draconian step, there is another way to allow yourself a reprogrammable device without allowing debug.

   

  In An72382, page 9, it talks about the "System" tab for the cydwr file.  In it there is a Programming\Debugging line, which has SWD options for Debug.  In that old app Note, it says to select "Debug Ports Disabled."  That option is no longer available.  I suspect that the selection "GPIO" is the one that prevents debugging on those ports.  You can then use them as GPIO.

   

 Edit: It appears you may also have to select "Enable Device Protection" also.  

   

  That combined with Level 1 of protection should (I hope) give a reasonable amount of protection for my stuff.  I don't care if someone erases my code, I just don't want it hanging out there through the debug port or visible otherwise.  There may be a minimum time window that debug could still occur, that is probably ok, we plan to do some obscuring of the device.

   

  In addition, there may be NVL for debug enable/disable without WOL being set.  Still looking.

0 Likes