
PSoC 6 MCU

JeHu_3414236
Contributor II

I want to write a command line PC app to program a bootloader and change the lifecycle to secure. I am using the sample app from PSoC Programmer in \Examples\Programming\PSoC6\SWD\C_Sharp. The example does not erase SFlash when programming and has this comment:

//Do not erase Supervisory Flash region, since there stored device configuration data

//PSoC6 device may be corrupted if SFlash will be erased

I cannot program the bootloader if I don't erase SFlash because some data needs to be written there like TOC.  What SFlash addresses can I erase when programming the bootloader?

When bootloader programming is done I want to change the lifecycle. Does the bootloader need to be run once before I change the lifecycle or can I change lifecycle immediately without calling DAP_ReleaseChip?

GeonaP_26
Moderator

The example does not erase SFlash when programming and has this comment:

//Do not erase Supervisory Flash region, since there stored device configuration data

//PSoC6 device may be corrupted if SFlash will be erased

Supervisory Flash (SFlash) contains accessible and restricted sub-regions. Flash boot, trim constants, and the Table of Contents 1 (TOC1) in SFlash are restricted from being reprogrammed in either Normal or Secure modes. Even though SFlash is not erased, it is programmed and verified as part of the programming flow implemented in C_Sharp.sln.

To ensure that the restricted sub-regions have not been tampered with after the MCU has left Cypress, a hash of these objects is stored in eFuse. This hash is referred to as Factory_HASH. The Factory_HASH is not used in either Normal or Secure modes. Prior to the transition to Secure mode, the Factory_HASH ensures that the device can be validated. Please contact Cypress if the Factory_HASH has been corrupted.

I cannot program the bootloader if I don't erase SFlash because some data needs to be written there like TOC.  What SFlash addresses can I erase when programming the bootloader?

Flash boot, trim constants, and the TOC1 are restricted from being reprogrammed in either Normal or Secure modes. Whereas up to 32kb SFlash User Area, Normal Access Restrictions (NAR), Public Key, and Table of Contents Part 2 (TOC2) are accessible in Normal mode. I assume that you are referring to TOC2 in your query. The linker script must contain appropriate sections and data to update these regions. For address range and more details, please refer to PSoC 6 MCU Programming Specifications and the example provided in AN221111 - Creating a Secure System.

Please note that writing to the five accessible sub-regions is not possible when the chip is in Secure Life Cycle stage.

When bootloader programming is done I want to change the lifecycle. Does the bootloader need to be run once before I change the lifecycle or can I change lifecycle immediately without calling DAP_ReleaseChip?

The table of contents and all data included in the verification need to be programmed before the eFuse programming step. If that's taken care of, you can program eFuse as the last step of programming. If these data are modified after blowing the Secure bit, the PSoC 6 MCU will go to Dead state. Please refer to the programming flow available in PSoC 6 MCU Programming Specifications. You can find more details on the Chain of Trust from AN221111 - Creating a Secure System.
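
A pre-flight check for a programming plan that applies the rules in the answer above before anything is sent to the device. This is an added example, not part of the original post and not code from the PSoC Programmer sample: every type, member and region label is hypothetical, and no SFlash addresses are included because the page gives none.

```csharp
using System;
using System.Collections.Generic;

// Added example: names are hypothetical, not PSoC Programmer API calls.
enum StepKind { Write, Erase, BlowSecureEfuse }

static class PlanCheck
{
    // Sub-regions as named in the answer. Address ranges are intentionally
    // omitted; take them from the PSoC 6 MCU Programming Specifications.
    static readonly HashSet<string> Restricted =
        new HashSet<string> { "FlashBoot", "TrimConstants", "TOC1" };
    static readonly HashSet<string> Accessible =
        new HashSet<string> { "UserArea", "NAR", "PublicKey", "TOC2" };

    public static List<string> Validate(IList<(StepKind Kind, string Region)> plan)
    {
        var errors = new List<string>();
        bool secureBlown = false;
        for (int i = 0; i < plan.Count; i++)
        {
            var (kind, region) = plan[i];
            if (kind == StepKind.BlowSecureEfuse) { secureBlown = true; continue; }
            if (Restricted.Contains(region))
                errors.Add($"step {i}: {kind} {region}: restricted sub-region, must not be reprogrammed");
            else if (secureBlown && Accessible.Contains(region))
                errors.Add($"step {i}: {kind} {region}: not writable in Secure life cycle stage");
            else if (secureBlown)
                errors.Add($"step {i}: {kind} {region}: follows the eFuse step, which must be last");
        }
        return errors;
    }

    static void Main()
    {
        // Constructed plan with two mistakes: an erase of TOC1 and a TOC2
        // write scheduled after the Secure eFuse step.
        var plan = new List<(StepKind Kind, string Region)>
        {
            (StepKind.Erase, "TOC1"),
            (StepKind.Write, "PublicKey"),
            (StepKind.Write, "Bootloader"),
            (StepKind.BlowSecureEfuse, "eFuse"),
            (StepKind.Write, "TOC2"),
        };
        foreach (var e in Validate(plan)) Console.WriteLine(e);
    }
}
```

An empty result from `Validate` means the plan writes only to non-restricted regions and leaves eFuse programming as the final step.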
