1 Reply Latest reply on Jun 24, 2019 4:01 AM by GeonaP_26

    Erase SFlash from custom PC app

    JeHu_3414236

      I want to write a command line PC app to program a bootloader and change the lifecyle to secure.  I am using the sample app from PSoC Programmer in \Examples\Programming\PSoC6\SWD\C_Sharp.  The example does not erase SFlash when programming and has this comment:

       

      //Do not erase Supervisory Flash region, since there stored device configuration data

      //PSoC6 device may be corrupted if SFlash will be erased

       

      I cannot program the bootloader if I don't erase SFlash because some data needs to be written there like TOC.  What SFlash addresses can I erase when programming the bootloader?

       

      When bootloader programming is done I want to change the lifecycle.  Does the bootloader need to be run once before I change the lifecyle or can I change lifecycle immediately without calling DAP_ReleaseChip?

        • 1. Re: Erase SFlash from custom PC app
          GeonaP_26

          The example does not erase SFlash when programming and has this comment:

           

          //Do not erase Supervisory Flash region, since there stored device configuration data

          //PSoC6 device may be corrupted if SFlash will be erased

          Supervisory Flash (SFlash) contains accessible and restricted sub-regions. Flash boot, trim constants, and the Table of Contents1 (TOC1) in SFlash are restricted from being reprogrammed in either Normal or Secure modes. Even though, SFlash is not erased, it is programmed and verified as part of the programming flow implemented in C_Sharp.sln.

           

          To ensure that the restricted sub-regions have not been tampered after the MCU has left Cypress, a hash of these objects is stored in eFuse. This hash is referred to as Factory_HASH. The Factory_HASH is not used either Normal and Secure modes. Prior to the transition to Secure mode, the Factory_HASH ensures that the device can be validated. Please contact Cypress if the Factory_HASH has been corrupted.

           

          I cannot program the bootloader if I don't erase SFlash because some data needs to be written there like TOC.  What SFlash addresses can I erase when programming the bootloader?

          Flash boot, trim constants, and the TOC1 are restricted from being reprogrammed in either Normal or Secure modes. Whereas, upto 32kb SFlash User Area, Normal Access Restrictions (NAR), Public Key, Table of Contents Part 2 (TOC2) are accessible in Normal mode. I assume that you are referring to TOC2 in your query. The linker script must contain appropriate sections and data to update these regions. For address range and more details, please refer to PSoC 6 MCU Programming Specifications and the example provided in AN221111 - Creating a Secure System.

          Please note that writing to the five accessible sub-regions is not possible when the chip is in Secure Life Cycle stage.

           

          When bootloader programming is done I want to change the lifecycle.  Does the bootloader need to be run once before I change the lifecyle or can I change lifecycle immediately without calling DAP_ReleaseChip?

          The table of contents and all data included in the verification needs to be programmed before the eFuse programming step. If that's taken care, you can program eFuse as the last step of programming. If these data are modified after blowing the Secure bit, the PSoC 6 MCU will go to Dead state.  Please refer to the programming flow available in PSoC 6 MCU Programming Specifications. You can find more details on the Chain of Trust from AN221111 - Creating a Secure System.