4 Replies Latest reply on Jan 15, 2019 11:11 PM by user_2457466

    How do I set device security from code ?

    user_2457466

      I want to change device security from code. I want to change from OPEN to PROTECTED.

       

      Reading TRM the register CPUSS_PROTECTION must be written to.

       

      But when i try to access this register I end up in the interrupt default handler.

       

      What i tried to do:

       

      uint32 CpuSsProtection = CY_GET_XTND_REG32( (void CYFAR *)(CYREG_CPUSS_PROTECTION) );

       

              if ( (CpuSsProtection & 0x0000000F) < (uint32_t)0x02 )

              {

                  CpuSsProtection = (uint32_t)0x02; // Set CPUSS_PROT to PROTECTED mode - note this disables debug and flash read operations

                  CY_SET_XTND_REG32( (void CYFAR *)(CYREG_CPUSS_PROTECTION), CpuSsProtection );

       

                  // Reset to run with this setup

                  //CySoftwareReset();

              }

       

      But as stated, just trying to read the register crashes the PSOC.

      So how is the correct way to go about this.

       

      Note that this must be done in code and not through the PSOC Creator IDE.

        • 1. Re: How do I set device security from code ?
          AnkitaS_51

          You can't access CPUSS_PROTECTION register from  code like in main.c as it requires privileged mode of access.It can be done through system calls which is explained in Architecture TRM from page#280:

          http://www.cypress.com/file/126171/download

          • 2. Re: How do I set device security from code ?
            user_2457466

            Hi,

             

            Thank you for the answer.

             

            According to the TRM (Table 26-1. List of System Calls) there is no CPU access to this command.

             

            I tried the following in code:

             

            uint8_t SetCpuProtection( void )

            {

                /* SYSARG control register */

                #define CY_PROT_CPUSS_SYSARG_REG       (*(reg32 *) CYREG_CPUSS_SYSARG)

                #define CY_PROT_CPUSS_SYSARG_PTR       ( (reg32 *) CYREG_CPUSS_SYSARG)

             

                /* SYSCALL control register */

                #define CY_PROT_CPUSS_SYSREQ_REG       (*(reg32 *) CYREG_CPUSS_SYSREQ)

                #define CY_PROT_CPUSS_SYSREQ_PTR       ( (reg32 *) CYREG_CPUSS_SYSREQ)

             

                #define CY_PROT_API_RETURN             (((CY_PROT_CPUSS_SYSARG_REG & 0xF0000000u) == 0xF0000000u) ? \

                                                     (CY_PROT_CPUSS_SYSARG_REG & 0x000000FFu) : \

                                                     (((CY_PROT_CPUSS_SYSARG_REG & 0xF0000000u) == 0xA0000000u) ? \

                                                        CYRET_SUCCESS : (CY_PROT_CPUSS_SYSARG_REG & 0x000000FFu)))

             

                #define CY_PROT_KEY1                0xB6u

                #define CY_PROT_KEY2                0xE0u

                #define CY_PROT_DEV_PROT_PROTECTED  0x02u

                #define CY_PROT_FLASH_MACRO0        0x00u

             

                #define CY_PROT_WRITE_PROT_OPCODE   0x000Du

                #define SYS_CALL_REQ_BIT            0x8000u

             

                uint8_t rc = 0;

             

                CY_PROT_CPUSS_SYSARG_REG = (uint32_t) ( ( CY_PROT_FLASH_MACRO0 << 24 ) | ( CY_PROT_DEV_PROT_PROTECTED << 16 ) | ( CY_PROT_KEY2 << 8 | CY_PROT_KEY1 ));

                CY_PROT_CPUSS_SYSREQ_REG = (uint32_t) ( ( SYS_CALL_REQ_BIT << 16 ) | CY_PROT_WRITE_PROT_OPCODE );

                CY_NOP;

             

                uint32_t cmdrc = CY_PROT_API_RETURN;

                if ( cmdrc == CYRET_SUCCESS )

                {

                    rc = 1;

                }

             

                return rc;

            }

             

            cmdrc contained the value 0x00000001h (note that 0xF is removed in the macro CY_PRTO_API_RETURN) which is: "Invalid Chip Protection Mode – This API is not available during the current chip protection mode."

             

            So I guess that this can only be done during programming in the production phase.

            • 3. Re: How do I set device security from code ?
              AnkitaS_51

              There are some CLI commands like” HEX_WriteChipProtection(nvector IN data)”  and “HEX_WriteProtection” in CLI User Guide available at this path in the system which can write the protection data in the hex to be programmed:

              C:\Program Files (x86)\Cypress\Programmer\Documents

              1 of 1 people found this helpful
              • 4. Re: How do I set device security from code ?
                user_2457466

                Hi Anks,

                 

                Thank you for your input to this question. That CLI command is very useful