C8051F060/1/2/3/4/5/6/7


16.3. Security Options

The CIP-51 provides security options to protect the Flash memory from inadvertent modification by software as well as prevent the viewing of proprietary program code and constants. The Program Store Write Enable (PSCTL.0) and the Program Store Erase Enable (PSCTL.1) bits protect the Flash memory from accidental modification by software. These bits must be explicitly set to logic 1 before software can write or erase the Flash memory. Additional security features prevent proprietary program code and data constants from being read or altered across the JTAG interface or by software running on the system controller.

A set of security lock bytes protect the Flash program memory from being read or altered across the JTAG interface. Each bit in a security lock-byte protects one 8k-byte block of memory. Clearing a bit to logic 0 in a Read Lock Byte prevents the corresponding block of Flash memory from being read across the JTAG interface. Clearing a bit in the Write/Erase Lock Byte protects the block from JTAG erasures and/or writes.

The Scratchpad area is read or write/erase locked when all bits in the corresponding security byte are cleared to logic 0.

On the C8051F060/1/2/3/4/5, the security lock bytes are located at 0xFBFE (Write/Erase Lock) and 0xFBFF (Read Lock), as shown in Figure 16.1. On the C8051F066/7, the security lock bytes are located at 0x7FFE (Write/Erase Lock) and 0x7FFF (Read Lock), as shown in Figure 16.2. The 512-byte sector containing the lock bytes can be written to, but not erased, by software. An attempted read of a read-locked byte returns undefined data. Debugging code in a read-locked sector is not possible through the JTAG interface. The lock bits can always be read from and written to logic 0 regardless of the security setting applied to the block containing the security bytes. This allows additional blocks to be protected after the block containing the security bytes has been locked.

Important Note: To ensure protection from external access, the block containing the lock bytes must be Write/Erase locked. On the 64 k byte devices (C8051F060/1/2/3/4/5), the page containing the security bytes is 0xFA00-0xFBFF, and is locked by clearing bit 7 of the Write/Erase Lock Byte. On the 32 k byte devices (C8051F066/7), the page containing the security bytes is 0x7E00-0x7FFF, and is locked by clearing bit 3 of the Write/Erase Lock Byte. If the page containing the security bytes is not Write/Erase locked, it is still possible to erase this page of Flash memory through the JTAG port and reset the security bytes.

When the page containing the security bytes has been Write/Erase locked, a JTAG full device erase must be performed to unlock any areas of Flash protected by the security bytes. A JTAG full device erase is initiated by performing a normal JTAG erase operation on either of the security byte locations. This operation must be initiated through the JTAG port, and cannot be performed from firmware running on the device.
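The lock-byte rules above can be checked on a firmware image before it is programmed. The following host-side C check is an added example, not code from the datasheet; the names `lock_layout`, `audit_image` and the `LOCK_*` results are hypothetical, and it assumes a flat binary image of code space in which lock bytes outside the image are left unprogrammed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Lock-byte locations from this section; one lock bit per 8 KB block. */
typedef struct {
    uint16_t we_lock_addr;  /* Write/Erase Lock Byte */
    uint16_t rd_lock_addr;  /* Read Lock Byte */
    uint8_t  valid_bits;    /* bits that map to a Flash block */
} lock_layout;

static const lock_layout DEV_64K = { 0xFBFE, 0xFBFF, 0xFF }; /* C8051F060-5 */
static const lock_layout DEV_32K = { 0x7FFE, 0x7FFF, 0x0F }; /* C8051F066/7 */

enum { LOCK_OK, LOCK_NONE, LOCK_RESETTABLE };

/* Lock bit covering an address: 0x0000-0x1FFF -> bit 0, and so on. */
static int bit_for_address(uint16_t addr) { return addr >> 13; }

/* A cleared bit locks its block; return the mask of locked blocks. */
static uint8_t locked_blocks(const lock_layout *d, uint8_t lock_byte) {
    return (uint8_t)(~lock_byte & d->valid_bits);
}

/* The Scratchpad is locked only when every bit of the byte is 0. */
static bool scratchpad_locked(uint8_t lock_byte) { return lock_byte == 0x00; }

/* Classify the two lock bytes found in a flat image of code space. */
static int audit_image(const lock_layout *d, const uint8_t *img, size_t len) {
    if (len <= d->rd_lock_addr) return LOCK_NONE;  /* lock bytes not in image */
    uint8_t we = locked_blocks(d, img[d->we_lock_addr]);
    uint8_t rd = locked_blocks(d, img[d->rd_lock_addr]);
    if (we == 0 && rd == 0) return LOCK_NONE;
    /* Important Note: the page holding the lock bytes must itself be
       Write/Erase locked, or JTAG can erase it and reset the lock bytes. */
    if (!(we & (1u << bit_for_address(d->we_lock_addr)))) return LOCK_RESETTABLE;
    return LOCK_OK;
}

int main(void) {
    static uint8_t img[0x10000];           /* constructed sample image */
    for (size_t i = 0; i < sizeof img; i++) img[i] = 0xFF;
    img[0xFBFF] = 0x00;                    /* read-lock every block */
    printf("read lock only: %d\n", audit_image(&DEV_64K, img, sizeof img));
    img[0xFBFE] = 0x7F;                    /* add W/E lock on bit 7 */
    printf("with bit 7 W/E lock: %d\n", audit_image(&DEV_64K, img, sizeof img));
    return 0;
}
```

A `LOCK_RESETTABLE` result is the case the Important Note warns about: blocks are locked, but the page holding the lock bytes is not Write/Erase locked.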


Figure 16.1. C8051F060/1/2/3/4/5 Flash Program Memory Map and Security Bytes

Read and Write/Erase Security Bits (Bit 7 is MSB)

Bit   Memory Block
7     0xE000 - 0xFBFD
6     0xC000 - 0xDFFF
5     0xA000 - 0xBFFF
4     0x8000 - 0x9FFF
3     0x6000 - 0x7FFF
2     0x4000 - 0x5FFF
1     0x2000 - 0x3FFF
0     0x0000 - 0x1FFF

Program/Data Memory Space (SFLE = 0)

0xFC00 - 0xFFFF   Reserved
0xFBFF            Read Lock Byte
0xFBFE            Write/Erase Lock Byte
0x0000 - 0xFBFD   Program/Data Memory Space (the Flash Access Limit lies within this range)

Scratchpad Memory (SFLE = 1)

0x0000 - 0x007F   Scratchpad Memory (Data only)

Flash Read Lock Byte

Bits7-0: Each bit locks a corresponding block of memory. (Bit7 is MSB).

0: Read operations are locked (disabled) for corresponding block across the JTAG interface.

1: Read operations are unlocked (enabled) for corresponding block across the JTAG interface.

Flash Write/Erase Lock Byte

Bits7-0: Each bit locks a corresponding block of memory.

0: Write/Erase operations are locked (disabled) for corresponding block across the JTAG interface.

1: Write/Erase operations are unlocked (enabled) for corresponding block across the JTAG interface.

NOTE: When the block containing the security bytes is locked, the security bytes may be written but not erased.

Flash Access Limit

The Flash Access Limit is defined by the setting of the FLACL register, as described in Figure 16.3. Firmware running at or above this address is prohibited from using the MOVX and MOVC instructions to read, write, or erase Flash locations below this address.


Figure 16.2. C8051F066/7 Flash Program Memory Map and Security Bytes

Read and Write/Erase Security Bits (Bit 7 is MSB)

Bit   Memory Block
7     N/A
6     N/A
5     N/A
4     N/A
3     0x6000 - 0x7FFD
2     0x4000 - 0x5FFF
1     0x2000 - 0x3FFF
0     0x0000 - 0x1FFF

Program/Data Memory Space (SFLE = 0)

0x8000 - 0xFFFF   Reserved
0x7FFF            Read Lock Byte
0x7FFE            Write/Erase Lock Byte
0x0000 - 0x7FFD   Program/Data Memory Space (the Flash Access Limit lies within this range)

Scratchpad Memory (SFLE = 1)

0x0000 - 0x007F   Scratchpad Memory (Data only)

Flash Read Lock Byte

Bits7-0: Each bit locks a corresponding block of memory.

0: Read operations are locked (disabled) for corresponding block across the JTAG interface.

1: Read operations are unlocked (enabled) for corresponding block across the JTAG interface.

Flash Write/Erase Lock Byte

Bits7-0: Each bit locks a corresponding block of memory.

0: Write/Erase operations are locked (disabled) for corresponding block across the JTAG interface.

1: Write/Erase operations are unlocked (enabled) for corresponding block across the JTAG interface.

NOTE: When the block containing the security bytes is locked, the security bytes may be written but not erased.

Flash Access Limit Register (FLACL)

The Flash Access Limit is defined by the setting of the FLACL register, as described in Figure 16.3. Firmware running at or above this address is prohibited from using the MOVX and MOVC instructions to read, write, or erase Flash locations below this address.

The Flash Access Limit security feature (see Figure 16.3) protects proprietary program code and data from being read by software running on the C8051F060/1/2/3/4/5/6/7. This feature provides support for OEMs that wish to program the MCU with proprietary value-added firmware before distribution. The value-added firmware can be protected while allowing additional code to be programmed in remaining program memory space later.

The Flash Access Limit (FAL) is a 16-bit address that establishes two logical partitions in the program memory space. The first is an upper partition consisting of all the program memory locations at or above the FAL address, and the second is a lower partition consisting of all the program memory locations starting at 0x0000 up to (but excluding) the FAL address. Software in the upper partition can execute code in the lower partition, but is prohibited from reading locations in the lower partition using the MOVC instruction. (Executing a MOVC instruction from the upper partition with a source address in the lower partition will always return a data value of 0x00.) Software running in the lower partition can access locations in both the upper and lower partition without restriction.

The value-added firmware should be placed in the lower partition. On reset, control is passed to the value-added firmware via the reset vector. Once the value-added firmware completes its initial execution, it branches to a predetermined location in the upper partition. If entry points are published, software running in the upper partition may execute program code in the lower partition, but it cannot read the contents of the lower partition. Parameters may be passed to the program code running in the lower partition either through the typical method of placing them on the stack or in registers before the call or by placing them in prescribed memory locations in the upper partition.

The FAL address is specified using the contents of the Flash Access Limit Register. The 16-bit FAL address is calculated as 0xNN00, where NN is the contents of the FAL Security Register. Thus, the FAL can be located on 256-byte boundaries anywhere in program memory space. However, the 512-byte erase sector size essentially requires that a 512-byte boundary be used. The content of a non-initialized FAL security byte is 0x00, thereby setting the FAL address to 0x0000 and allowing read access to all locations in program memory space by default.

Figure 16.3. FLACL: Flash Access Limit

Bit:          Bit7  Bit6  Bit5  Bit4  Bit3  Bit2  Bit1  Bit0
Access:       R/W   R/W   R/W   R/W   R/W   R/W   R/W   R/W
Reset Value:  00000000

SFR Address: 0xB7

SFR Page: F

Bits 7-0: FLACL: Flash Access Limit.

This register holds the high byte of the 16-bit program memory read/write/erase limit address. The entire 16-bit access limit address value is calculated as 0xNN00 where NN is replaced by contents of FLACL. A write to this register sets the Flash Access Limit. This register can only be written once after any reset. Any subsequent writes are ignored until the next reset. To fully protect all addresses below this limit, bit 0 of FLACL should be set to ‘0’ to align the FAL on a 512-byte Flash page boundary.
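The FAL behaviour described in this section (0xNN00 address, write-once register, MOVC reads from the upper partition returning 0x00, 512-byte alignment) is modelled below in host-side C. This is an added example, not code from the datasheet or firmware for the device; `fal_reg`, `flacl_write`, `flacl_for_end` and `movc` are hypothetical names, and the sample Flash contents are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model of FLACL: reset value 0x00, one accepted write per reset. */
typedef struct { uint8_t flacl; bool written; } fal_reg;

static bool flacl_write(fal_reg *r, uint8_t value) {
    if (r->written) return false;      /* later writes are ignored until reset */
    r->flacl = value;
    r->written = true;
    return true;
}

/* FAL = 0xNN00, where NN is the FLACL contents. */
static uint16_t fal_address(const fal_reg *r) { return (uint16_t)(r->flacl << 8); }

/* FLACL value for the lowest 512-byte-aligned FAL at or above the end
   (exclusive) of the value-added firmware; -1 if it does not fit. */
static int flacl_for_end(uint32_t protected_end) {
    uint32_t fal = (protected_end + 511u) & ~511u;
    return fal > 0xFE00u ? -1 : (int)(fal >> 8);
}

/* MOVC as seen by code at pc: upper-partition code reading the lower
   partition always gets 0x00; every other read returns the Flash byte. */
static uint8_t movc(const fal_reg *r, const uint8_t *flash,
                    uint16_t pc, uint16_t src) {
    uint16_t fal = fal_address(r);
    if (pc >= fal && src < fal) return 0x00;
    return flash[src];
}

int main(void) {
    static uint8_t flash[0x2000];      /* constructed 8 KB sample image */
    fal_reg r = { 0x00, false };
    flash[0x0100] = 0xA5;              /* byte inside value-added firmware */
    printf("default FAL: %02X\n", movc(&r, flash, 0x1500, 0x0100));
    flacl_write(&r, (uint8_t)flacl_for_end(0x1300));  /* code ends at 0x12FF */
    printf("FAL=0x%04X: %02X\n", fal_address(&r), movc(&r, flash, 0x1500, 0x0100));
    return 0;
}
```

With FLACL left at its reset value the first read returns the real byte, which is why the value-added firmware has to write FLACL before it branches to the upper partition.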
