3 Replies Latest reply on Oct 14, 2020 8:20 AM by RakshithM_16

    Chip lock PSoC 63 BLE

    gali_925661

      Hi,

       

      I have developed some applications using PSoC63 BLE with ModusToolBox. One of the final steps to bring my product to market is to prevent my firmware from being read out in the field through the debug interface. Therefore, I will need to enable my PSoC6 chip lock and disable the debug interface. I do not intent to have any firmware update capability in the field.

       

      From the PSoC programmer 3.29.0, there is no option of locking the PSoC6. From the PDL 3.1.2, there is a security folder which contains some source codes examples however, it seems that the instructions in the readme is quite out-dated. When I import the project files into ModusToolBox version 2.1, it is unable to locate the CYSDK. Where is the default path of CYSDK (assuming everything is installed default in Windows)?

       

      I have also read that in order to program the efuse, the system must be operating in 2.5V. Do I need the miniprog4?

       

      Is there any updated documentation on the device deployment where flash needs to be lock with disabled debugging port?

      Thanks.

       

      Regards,

      Gary

        • 1. Re: Chip lock PSoC 63 BLE
          RakshithM_16

          Hi Gary,

           

          I think this thread will help you - Programming eFuses using PSoC Programmer

           

          I have also read that in order to program the efuse, the system must be operating in 2.5V. Do I need the miniprog4?

          Yes, the supply voltage should be 2.5V. You can use a MiniProg4 to program the device eFuse memory.

           

          Is there any updated documentation on the device deployment where flash needs to be lock with disabled debugging port?

          The Security Application Note is currently being updated. But you can refer to the device architecture TRM for details regarding eFuse memory. Setting the Secure Access Restrictions and transitioning the device to SECURE Lifecycle mode should block the DAP access.

          You can also refer to this thread which might help you - Is it possible to prevent user to trace through SWD/JTAG?

           

          Thanks and Regards,

          Rakshith M B

          • 2. Re: Chip lock PSoC 63 BLE
            gali_925661

            Thanks for your response and I have further questions.

             

            1. As I will need to launch my product in a few weeks time, can you let me know the Security Application Note release date?

            2. The Creating a Secure System document talks about generating a secure system and transit the device lifecycle state.

            In this thread, it says moving the device directly to secure state without following the secure flow, will cause the device to end up dead.

            https://community.cypress.com/thread/47705?start=0&tstart=0

            With the Miniprog4, do I just use the PSoC Programmer to program the eFuse memory? Is there any screenshot to show me how this is done?

            3. Using Windows Cygwin program, I tried to compile the secure_image example in PDL. The makefile is unable to locate the CYSDK.  Searching my whole environment, I can't locate "find_platform.mk" required by the makefile. May I know where is the location of the CYSDK?

             

            Regards,

            Gary

            • 3. Re: Chip lock PSoC 63 BLE
              RakshithM_16

              Hi Gary,

               

              1. As I will need to launch my product in a few weeks time, can you let me know the Security Application Note release date?

              I will check internally regarding this and get back to you.

              2. The Creating a Secure System document talks about generating a secure system and transit the device lifecycle state.

              In this thread, it says moving the device directly to secure state without following the secure flow, will cause the device to end up dead.

              https://community.cypress.com/thread/47705?start=0&tstart=0

              As long as the TOC is set properly, you can transition the device to SECURE lifecycle mode. Do you have dual application or are you changing the starting address of your application? It is always recommended to first see if your application is properly functioning in NORMAL and SECURE with DEBUG mode before making the transition to SECURE mode.

              With the Miniprog4, do I just use the PSoC Programmer to program the eFuse memory? Is there any screenshot to show me how this is done?

              You will have to develop a project to program eFuse memory and then program using MiniProg4 and PSoC Programmer. This discussion might help you - Programming eFuses using PSoC Programmer

              3. Using Windows Cygwin program, I tried to compile the secure_image example in PDL. The makefile is unable to locate the CYSDK.  Searching my whole environment, I can't locate "find_platform.mk" required by the makefile. May I know where is the location of the CYSDK?

              Are you referring to the ModusToolbox secure_image project? Can you provide the path of this project?

               

              Thanks and Regards,

              Rakshith M B