3 Replies Latest reply on Apr 13, 2015 5:12 PM by WaMa_286156

    General Flash Protection questions


       I've read AN2015, and several forum posts, and I have some questions left over.


       Flash protection is 3 levels.  0= unprotected.  1=external reads disabled. 2= external read/write disabled. 3= external read/all writes disabled.  Levels 0,1,2 allow the cpu  to write internal flash (to allow, for example, emulated eprom)


        I've read on forums that even with level 3, you can erase the chip, and also have read that with level 3, you cannot erase the chip.


        There is a psoc4 document (KBA87495) that indicates there are other protection modes.  Maybe only for PSoC 4.


        So, my question is, based on the readers experiences:


      1) Is level 1 enough protection to prevent people from seeing my code?


      2) If I program level 3, is my processor forever bricked if something is wrong?  (With Kill on PSoC4, that appears to be true)


      3) At what level does debugging stop working, or since it comes through the SWD port, does debugging *always* work?





        • 1. Re: General Flash Protection questions

            I apologize for the large text. I copied/pasted and did not realize the text would show like that.  I can't edit it, as the first post in a new topic cannot be edited.

          • 2. Re: General Flash Protection questions

            There is a Write-Once-Latch (WOL) that, when programmed with the correct key, inhibits any further programming and erasing of the chip, prevents from debugging and read-out of flash by a programmer. See PSoC5LP programming specs pg. 83


            The flash security options are described best imho in creator help. enter "flash security" into help search field.





            • 3. Re: General Flash Protection questions

              Thanks Bob!  That makes sense. It set me on a witch hunt, with the proper search terms in hand.


                In addition to that draconian step, there is another way to allow yourself a reprogrammable device without allowing debug.


                In An72382, page 9, it talks about the "System" tab for the cydwr file.  In it there is a Programming\Debugging line, which has SWD options for Debug.  In that old app Note, it says to select "Debug Ports Disabled."  That option is no longer available.  I suspect that the selection "GPIO" is the one that prevents debugging on those ports.  You can then use them as GPIO.


               Edit: It appears you may also have to select "Enable Device Protection" also.  


                That combined with Level 1 of protection should (I hope) give a reasonable amount of protection for my stuff.  I don't care if someone erases my code, I just don't want it hanging out there through the debug port or visible otherwise.  There may be a minimum time window that debug could still occur, that is probably ok, we plan to do some obscuring of the device.


                In addition, there may be NVL for debug enable/disable without WOL being set.  Still looking.