flash read protection

AlAd_4179981

Hi,

I am working with CY8CPROTO-063-BLE on ModusToolbox 1.1.

How can I prevent external reads of the flash (using a debugger) after the chip is programmed, to prevent the hex from being read and reused?

Thanks,

Ali

DheerajK_81
Moderator

Hello Ali,

You will need to create a secure system to prevent access. Please refer to this application note for the theory behind how this works in PSoC6: https://www.cypress.com/file/447981/download.

The simplest way would be to use the PPCOM Command line interface. You can find the guide at this path: "C:\Program Files (x86)\Cypress\Programmer\Documents"

Make use of the PSoC6_WriteProtection API to transition to secure stage. More about this here: Re: PSoC6 Programmer COM API PSoC6_WriteProtection()

You can specify the secure access restrictions based on the level of security you need and then switch the device from Normal to Secure lifecycle stage for the changes to take effect. You can look at the EFuse registers EFUSE_DATA_SECURE_ACCESS_RESTRICT1, where you can specify how much of the flash is accessible through the debug access port.

Have a look at page 653 in the Register TRM: https://www.cypress.com/file/421406/download

To understand more about EFuse, please refer to page 112 in the Architecture TRM: https://www.cypress.com/file/385621/download

Regards,

Dheeraj


Hi Dheeraj,

Thanks for the response.

I have been trying to change the lifecycle to secure with debug, but I am having some issues, which I addressed in the following discussion:

https://community.cypress.com/thread/47850

I just want to make sure that we are on the same page.

Is it safe to ignore all the steps in the step-by-step summary on page 29 of the Creating a Secure System document, except for changing the lifecycle?

In other words, will only changing the lifecycle work without all the remaining steps?

Regards,

Ali


No, you cannot ignore the steps, because the root of trust involves a boot sequence that requires a secure image and a user application to be programmed with a valid TOC2 and public key.

TOC2 is used to point to the location of the first and second executable applications. If you haven't followed the steps and have directly changed the lifecycle stage, you might fail validation and end up in a dead state.

Hence, it is always recommended to see if your application is properly functioning in NORMAL or SECURE w/ DEBUG modes before making the transition to SECURE mode.

Regards,

Dheeraj
