3 Replies Latest reply on Nov 17, 2020 6:21 AM by DheerajK_81

    Reversible DAP lock using EFUSE_DATA_SECURE_ACCESS_RESTRICT0

    user_4814686

      Hello,

       

      Once the lifecycle stage is set to SECURE, is it possible to go from a DAP lock state to a DAP unlock state using the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register?

       

      If not, is there any way to unlock the DAP once it has been locked in any given lifecycle stage?

       

      Thank you,

      Xavier

        • 1. Re: Reversible DAP lock using EFUSE_DATA_SECURE_ACCESS_RESTRICT0
          DheerajK_81

          Hello Xavier,

           

          No, this is not possible. Blowing the EFuse is an irreversible process. So, based on the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register setting, it is going to blow the EFuses accordingly when the lifecycle is changed to SECURE and you can't go back to a lower protection setting.

           

          Hence, during development, it is recommended to test your designs using NORMAL and Secure w/ Debug Lifecycle modes. Secure w/ Debug allows DAP access.

           

          For more information refer:

          PSoC6 Architecture TRM

          PSoC6 Register TRM

           

          Hope this answers your query

           

          Regards,

          Dheeraj

          • 2. Re: Reversible DAP lock using EFUSE_DATA_SECURE_ACCESS_RESTRICT0
            user_4814686

            Hi Dheeraj,

             

            Thank you for your reply!

             

            First follow-up question:

             

            When in Secure w/ Debug Lifecycle mode, will the DAP access be enabled even if the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register is set to disable the DAP access?

             

            Second follow-up question:

             

            Is it possible to lock/unlock the DAP in Normal Lifecycle mode? If so, could you advise on the procedure to follow?

             

            From the DAP Security section of the PSoC 6 programming manual: "The second bit, CPUSS_DP_CTL.xxx_DISABLE, can be set during boot, before the debugger can connect, based on eFuse settings for SECURE or DEAD life-cycle stage or based on NAR settings in Supervisory flash for NORMAL life-cycle."

             

            Thank you very much,

            Xavier

            • 3. Re: Reversible DAP lock using EFUSE_DATA_SECURE_ACCESS_RESTRICT0
              DheerajK_81

              Hello Xavier,

               

              Answers inline.

               

              When in Secure w/ Debug Lifecycle mode, will the DAP access be enabled even if the EFUSE_DATA_SECURE_ACCESS_RESTRICT0 register is set to disable the DAP access?

              Yes, that's right. In Secure w/ Debug mode, the normal access restrictions will apply. EFUSE_DATA_SECURE_ACCESS_RESTRICT0 will only come into effect if you transition to Secure mode from Normal mode. It does not have a role to play in Secure w/ Debug mode.

               

              Is it possible to lock/unlock the DAP in Normal Lifecycle mode? If so, could you advise on the procedure to follow?

              Yes, it is. Please refer to the following thread: Is it possible to prevent user to trace through SWD/JTAG?

               

              Regards,
              Dheeraj