Техническая Спецификация для Freescale Semiconductor MC56F8006 Demo board MC56F8006DEMO MC56F8006DEMO
Модели
MC56F8006DEMO
MC56F8006/MC56F8002 Digital Signal Controller, Rev. 4
Security Features
Freescale Semiconductor
40
application software could communicate over a serial port, for example, to validate the authenticity of the requested access, then
grant it until the next device reset. The inclusion of such a back door technique is at the discretion of the system designer.
grant it until the next device reset. The inclusion of such a back door technique is at the discretion of the system designer.
7.1
Operation with Security Enabled
After you have programmed flash with the application code, or as part of the programming of the flash with the application
code, the 56F8006/56F8002 can be secured by programming the security word, 0x0002, into program memory location 0x00
1FF7. This can also be effected by use of the CodeWarrior IDE menu flash lock command. This nonvolatile word keeps the
device secured after reset, caused, for example, by a power-down of the device. Refer to the flash memory chapter in the
MC56F8006 Peripheral Reference Manual for detail. When flash security mode is enabled, the 56F8006/56F8002 disables the
core EOnCE debug capabilities. Normal program execution is otherwise unaffected.
code, the 56F8006/56F8002 can be secured by programming the security word, 0x0002, into program memory location 0x00
1FF7. This can also be effected by use of the CodeWarrior IDE menu flash lock command. This nonvolatile word keeps the
device secured after reset, caused, for example, by a power-down of the device. Refer to the flash memory chapter in the
MC56F8006 Peripheral Reference Manual for detail. When flash security mode is enabled, the 56F8006/56F8002 disables the
core EOnCE debug capabilities. Normal program execution is otherwise unaffected.
7.2
Flash Access Lock and Unlock Mechanisms
There are several methods that effectively lock or unlock the on-chip flash.
7.2.1
Disabling EOnCE Access
On-chip flash can be read by issuing commands across the EOnCE port, which is the debug interface for the 56800E CPU. The
TCK, TMS, TDO, and TDI pins comprise a JTAG interface onto which the EOnCE port functionality is mapped. When the
device boots, the chip-level JTAG TAP (test access port) is active and provides the chip’s boundary scan capability and access
to the ID register, but proper implementation of flash security blocks any attempt to access the internal flash memory via the
EOnCE port when security is enabled. This protection is effective when the device comes out of reset, even prior to the
execution of any code at startup.
TCK, TMS, TDO, and TDI pins comprise a JTAG interface onto which the EOnCE port functionality is mapped. When the
device boots, the chip-level JTAG TAP (test access port) is active and provides the chip’s boundary scan capability and access
to the ID register, but proper implementation of flash security blocks any attempt to access the internal flash memory via the
EOnCE port when security is enabled. This protection is effective when the device comes out of reset, even prior to the
execution of any code at startup.
7.2.2
Flash Lockout Recovery Using JTAG
If the device is secured, one lockout recovery mechanism is the complete erasure of the internal flash contents, including the
configuration field, thus disabling security (the protection register is cleared). This does not compromise security, as the entire
contents of your secured code stored in flash are erased before security is disabled on the device on the next reset or power-up
sequence.
configuration field, thus disabling security (the protection register is cleared). This does not compromise security, as the entire
contents of your secured code stored in flash are erased before security is disabled on the device on the next reset or power-up
sequence.
To start the lockout recovery sequence via JTAG, the JTAG public instruction (LOCKOUT_RECOVERY) must first be shifted
into the chip-level TAP controller’s instruction register. After the LOCKOUT_RECOVERY instruction has been shifted into
the instruction register, the clock divider value must be shifted into the corresponding 7-bit data register. After the data register
has been updated, you must transition the TAP controller into the RUN-TEST/IDLE state for the lockout sequence to
commence. The controller must remain in this state until the erase sequence is complete. Refer to the MC56F8006 Peripheral
Reference Manual for detail, or contact Freescale.
into the chip-level TAP controller’s instruction register. After the LOCKOUT_RECOVERY instruction has been shifted into
the instruction register, the clock divider value must be shifted into the corresponding 7-bit data register. After the data register
has been updated, you must transition the TAP controller into the RUN-TEST/IDLE state for the lockout sequence to
commence. The controller must remain in this state until the erase sequence is complete. Refer to the MC56F8006 Peripheral
Reference Manual for detail, or contact Freescale.
NOTE
After the lockout recovery sequence has completed, you must reset the JTAG TAP
controller and device to return to normal unsecured operation. Power-on reset resets both
too.
controller and device to return to normal unsecured operation. Power-on reset resets both
too.
7.2.3
Flash Lockout Recovery Using CodeWarrior
CodeWarrior can unlock a device by selecting the Debug menu, then selecting DSP56800E, followed by Unlock Flash. Another
mechanism is also built into CodeWarrior using the device’s memory configuration file. The command
“Unlock_Flash_on_Connect 1” in the .cfg file accomplishes the same task as using the Debug menu.
mechanism is also built into CodeWarrior using the device’s memory configuration file. The command
“Unlock_Flash_on_Connect 1” in the .cfg file accomplishes the same task as using the Debug menu.
This lockout recovery mechanism is the complete erasure of the internal flash contents, including the configuration field, thus
disabling security (the protection register is cleared).
disabling security (the protection register is cleared).