FL-S Advanced Sector Protect AN

FL-S Advanced Sector Protect AN
FL-S Flash Family
Advanced Sector Protection (ASP)
Application Note
1. Introduction
The Spansion® FL-S flash family of devices offers many ways to protect your data. The choices can be
overwhelming to users. This document explains the overall data protection mechanisms associated with
Spansion's ASP.
2. Legacy Data Protection
Most SPI flash devices use the same subset of core commands for backward compatibility. Within this group
of legacy commands/features (Block Protection Bits, WP# pin) is a basic method of sector protection.
In systems where multiple flash vendors’ devices are used, it may be desirable to limit command/feature use
to a set of common commands/features that work across multiple vendors’ devices. When it comes to
protecting sectors in SPI flash, the Block Protection Bits are the common way to do it.
This method allows you to protect all of the array, half the array, a quarter of the array, etc.
Most vendors will provide an OTP function, but the commands and OTP region size will likely differ between
vendors.
3. Spansion Advanced Sector Protection (ASP)
Spansion has incorporated security features from the parallel NOR flash family into the SPI flash family.
These features offer greater resolution for locking sectors along with different power-on reset behaviors in
terms of sector locking.
At the basic level, the ASP is fairly simple.
Any sector can be locked to prevent programming and erasure.
There are two ASP methods to lock a sector: Persistent Protection Bits (PPB) and Dynamic Protection Bits
(DYB) protection. These two methods can be used together and in addition to BP protection and WP# pin
hardware protection method.
 Persistent Protection Bits (PPB). There is an array of individual bits that is used to protect sectors. Each bit
in the array protects one sector. If the bit is 0 (in the programmed state), the sector is protected. These PPB
bits were implemented using flash, so when you program or erase a PPB, its state is remembered after the
next power-on/reset. There are a few things to know about PPB bits:
– You can individually program PPBs (make the bit a 0) to protect a sector. This is done with the PPB
Program command. The command uses the provided address to determine the associated PPB bit to
program.
Since the PPB were implemented as flash, programming is not instant. It is necessary to wait for the
programming operation to complete. Refer to the data sheet regarding command sequences. Spansion
provides a a Low Level Driver (LLD) written in C which can be used for code or for example how to
code. Spansion recommends using the LLD code as a guide at least.
– To unlock a sector protected with a PPB bit you have to make the bit a 1. To make any PPB bit a 1, you
have to make them all a 1 (it was implemented with flash). The PPB Erase command erases the PPB
bits. If your goal is to unprotect one PPB bit, you have to erase them all and then reprogram all the
ones to be kept protected. This operation will not happen immediately. Refer to the LLD for how to
know when the PPB Erase / PPB Program is done.
Publication Number FL-S_Advanced_Sector_Protect_AN
Revision 01
Issue Date December 10, 2012
A pplication
Note
– The group of PPB bits is basically a small sector of flash. Spansion calls it the PPB array. As with all
flash sectors, there is a limit to the number of times you can program and erase the PPB array. If every
program and erase operation of the normal flash space begins with a PPB Erase and ends with a PPB
Program, the PPB array will wear out long before the rest of the array. Therefore, PPB usage should be
limited to protecting flash data that does not change often – like code.
– The PPB array can also be protected. Use the PPB Lock bit to prevent the PPB array (individual PPB
sector locks) from being changed. See PPB Lock Bit below for details.
 Dynamic Protection Bits (DYB). Like the Persistent Protection Bits, the Dynamic Protection Bits are a
mechanism to protect sectors. Unlike PPB, the DYB can be programmed and erased individually. This is
possible, because the bits were implemented in flash internal RAM. However, since they were
implemented in RAM, they are volatile – meaning that once power is lost, the DYB protection is forgotten.
– You can individually set DYBs to 0 to protect a sector or to 1 to unprotect a sector. This is done with the
DYB Write command. The command uses the provided address to determine which DYB bit to set.
That bit is internally associated with the desired sector.
– Since the DYB are implemented in RAM, they are simpler to use – they do not have to be erased as a
group and they do not wear out. Additionally, the DYBs accept new values immediately. No need to
wait for the data to be accepted like in the PPBs.
– DYBs are ideal for sectors that are meant to be frequently protected/unprotected.
– DYBs are set to 1 when power is applied, therefore, DYBs default to no sector protection at power on.
While the basic protection mentioned above is simple, PPB protection is governed by some addition logic. A
knowledge of this additional logic is necessary so you can prevent malicious software from changing the code
or causing a denial of service.
 PPB Lock Bit. The PPB Lock Bit is located in the PPB Lock Register. It is used to enable/disable alterations
to the PPB Array. When the PPB Lock Bit is 0, the PPB Array is locked. When the PPB Array is locked, it is
not possible to change it (you cannot unprotect sectors protected with PPB and you cannot protect
additional sectors with PPB). There are a few things to know about the PPB Lock Bit:
– The PPB Lock Bit is set to 0 (PPB Array locked) at power on in the Password Protection Mode. Setting
Password Protection Mode is described below. The software must issue a Password Unlock command
to set the PPB Lock Bit to 1 so sectors can be locked and unlocked with PPBs. The PPB Lock Bit is set
to 0 at the next reset/power cycle. This is Spansion's most secure boot mode. Using this method
ensures that protected sectors cannot be changed without a password.
– The PPB Lock bit is set to 1 (PPB Array unlocked) at power on in Persistent Protection Mode. Setting
Persistent Protection Mode is described below. The software can lock the PPB Lock bit with the PPB
Lock Bit Write command, but doing so will lock the PPB Lock Bit until the next hardware reset/power
cycle. There is no command to set the PPB Lock Bit to 1 (unprotect the PPB Array) – that is determined
by the Protection Mode (Password/Persistent) at reset/power on.
– The PPB Lock Bit was implemented in flash, so programming is not instant. It is necessary to wait for
the programming operation to complete. Refer to the data sheet regarding command sequences.
Spansion provides a a Low Level Driver (LLD) written in C which can be used for code or for example
how to code. Spansion recommends using the LLD code as a guide at least.
 Protection Modes (Persistent/Password) determine how the PPB Lock Bit behaves at power on/after reset
and how it is later locked and unlocked. The device programmer or host system must choose which sector
protection method to use. Programming either of the one-time programmable, Protection Mode Lock Bits,
forces the part permanently in the selected mode. The default Protection Mode is Persistent Protection. If
you want to use Persistent Protection Mode of operation, select it during your manufacturing process.
Failure to do so will enable malicious software to set Password Protection Mode – the malicious software
will know the password and be able to change flash code/data. Once the Protection Mode has been
selected, it cannot be changed.
– The register used to set the Protection Mode (ASPR) was implemented with flash, so programming the
mode is not instant. It is necessary to wait for the programming operation to complete. Refer to the data
sheet regarding command sequences. Spansion provides a a Low Level Driver (LLD) written in C,
which can be used for code or for example how to code. Spansion recommends using the LLD code as
a guide at least.
2
FL-S_Advanced_Sector_Protect_AN_01
December 10, 2012
App l ic atio n
No t e
 Persistent Protection Mode – This mode causes the flash to power up / hardware reset to the PPB bit being
1 (unlocked). You may want the ability to lock/unlock PPB bits after power on/reset and then have the boot
program or the application lock the PPB Array to prevent changes to the PPB Array and associated locked
sectors. The PPB Lock Bit is locked with the PPB Lock Bit Write command, but only unlocked by hardware
reset/power cycle.
 Password Protection Mode – This mode causes the PPB Lock Bit to power up and hardware reset to the
PPB Lock Bit being set to 0 (locked). This prohibits changes to the PPB array. To unlock the PPB Lock Bit,
the software must send the Password Unlock command with the appropriate password. The PPB Lock Bit
will remain unlocked until the next hardware reset/power cycle. When using the Password Protection Mode,
make sure to
1. program a password first, verify it and,
2. set the Password Protection Mode bit in the ASP register.
Note: If the system inadvertently programs or erases an ASP locked sector, the Status Register will show
error status. The system is then required to use CLSR command to clear the error status before any other
command can be issued.
December 10, 2012
FL-S_Advanced_Sector_Protect_AN_01
3
A pplication
Note
4. Revision History
Section
Description
Revision 01 (December 10, 2012)
Initial release
4
FL-S_Advanced_Sector_Protect_AN_01
December 10, 2012
App l ic atio n
No t e
Colophon
The products described in this document are designed, developed and manufactured as contemplated for general use, including without
limitation, ordinary industrial use, general office use, personal use, and household use, but are not designed, developed and manufactured as
contemplated (1) for any use that includes fatal risks or dangers that, unless extremely high safety is secured, could have a serious effect to the
public, and could lead directly to death, personal injury, severe physical damage or other loss (i.e., nuclear reaction control in nuclear facility,
aircraft flight control, air traffic control, mass transport control, medical life support system, missile launch control in weapon system), or (2) for
any use where chance of failure is intolerable (i.e., submersible repeater and artificial satellite). Please note that Spansion will not be liable to
you and/or any third party for any claims or damages arising in connection with above-mentioned uses of the products. Any semiconductor
devices have an inherent chance of failure. You must protect against injury, damage or loss from such failures by incorporating safety design
measures into your facility and equipment such as redundancy, fire protection, and prevention of over-current levels and other abnormal
operating conditions. If any products described in this document represent goods or technologies subject to certain restrictions on export under
the Foreign Exchange and Foreign Trade Law of Japan, the US Export Administration Regulations or the applicable laws of any other country,
the prior authorization by the respective government entity will be required for export of those products.
Trademarks and Notice
The contents of this document are subject to change without notice. This document may contain information on a Spansion product under
development by Spansion. Spansion reserves the right to change or discontinue work on any product without notice. The information in this
document is provided as is without warranty or guarantee of any kind as to its accuracy, completeness, operability, fitness for particular purpose,
merchantability, non-infringement of third-party rights, or any other warranty, express, implied, or statutory. Spansion assumes no liability for any
damages of any kind arising out of the use of the information in this document.
Copyright © 2012 Spansion Inc. All rights reserved. Spansion®, the Spansion logo, MirrorBit®, MirrorBit® Eclipse™, ORNAND™ and combinations
thereof, are trademarks and registered trademarks of Spansion LLC in the United States and other countries. Other names used are for
informational purposes only and may be trademarks of their respective owners.
December 10, 2012
FL-S_Advanced_Sector_Protect_AN_01
5
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement