Employee
It is recommended that you read the previous blog posting about PSoC™ 6 Lifecycle and protection states, before reading this article.
Each PSoC™ 6 device includes the common ARM SWD/JTAG external interface for debugging and programming. The pins used for the debug interface are not dedicated pins, but are normal GPIOs that can be configured to connect to the Debug Access Port Bus or DAP Bus. This DAP Bus is connected to three different access ports, CM0-AP (CM0 CPU), CM4-AP (CM4 CPU) and the SYS-AP (System AHB). When debugging code, you will connect to either the CM0-AP or CM4-AP to debug your CM0 or CM4 project respectively. When programming the device, a connection is made to the SYS-AP which allows the programmer to write to SRAM and MMIO to trigger System Calls that perform flash programming. Below is a diagram that illustrates the architecture of the debug interface on the PSoC™ 6 family.
Each of the access ports (SYS-AP, CM0-AP, CM4-AP) can be disabled individually to limit access to the internal code and data from third parties. The SYS-AP contains an MPU (Memory Protection Unit) which provides more settings than just disable. With this MPU attached the SYS-AP, the user can limit access to all or part of memory areas such a Flash, SRAM, SFlash, and MMIO. These settings are referred to as “Access Restrictions”. The access restrictions consist of 16-bits or 2 bytes ACCESS_RESTRICT0 and ACCESS_RESTRICT1. The three least significant bits in ACCESS_RESTRICT0 control disabling the three access ports. Most of the remaining bits control the MPU connected to the SYS-AP. The tables below define each of the bits that control the access restrictions.
|
||||||||||||||||||
- ACCESS_RESTRICT0
|
||||||||||||||||||
- ACCESS_RESTRICT1
In order to make use of the MPU attached to the SYS-AP, you must enable the SYS-AP MPU ACCESS_RESTRICT0[3] and NOT disable the SYS-AP ACCESS_RESTRICT0[2]. The following table defines each of the bits in the access restriction registers.
|
Field |
Value |
Description |
|
MMIO_Allowed |
0x0: All MMIO register 0x1: Only IPC ports 0, 1, and 2 0x2 or 0x3: No MMIO access |
Defines what MMIO register are accessible via the SYS_AP. IPC ports 0, 1, and 3 are used for system calls required for programming of the device. |
|
SFlash_Allowed |
0x0: entire region 0x1: 7/8 0x2: 3/4 0x3: 1/2 0x4: 1/4 0x5: 1/8 0x6: 1/16 0x7: nothing |
This field indicates what portion of the SFlash main region is accessible through the SYS_AP. Only a portion of flash starting at the bottom of the area is exposed. Valid only if SYS_DISABLE=0 and SYS_AP_MPU_ENABLE=1. |
|
SYS_AP_MPU_ENABLE |
0x0: SYS_AP MPU disabled 0x1: SYS_AP MPU enabled |
SYS_AP_DISABLE must not be disabled for the MPU to be enabled. |
|
SYS_AP_DISABLE |
0x0: SYS_AP not disabled 0x1: SYS_AP disabled |
Disables the SYS_AP |
|
CM4_DISABLE |
0x0: CM4_AP not disabled 0x1: CM4_AP disabled |
Disables the CM4_AP |
|
CM0_DISABLE |
0x0: CM0_AP not disabled 0x1: CM0_AP disabled |
Disables the CM0_AP |
|
DIRECT_EXE_DISABLE |
0x0: Not disabled 0x1: Disable |
Disable Direct Execture system call functionality. |
|
SMIF_XIP_ALLOWED |
0x0: Entire Region 0x1: Nothing |
This field indicates what portion of XIP is accessible through the system access port. |
|
SRAM_ALLOWED |
0x0: entire region 0x1: 7/8 0x2: 3/4th 0x3: 1/2 0x4: 1/4th 0x5: 1/8th 0x6: 1/16th 0x7: nothing |
This field indicates what portion of the SRAM region is accessible through the SYS_AP. Only a portion of SRAM starting at the bottom of the area is exposed. Valid only if SYS_DISABLE=0 and SYS_AP_MPU_ENABLE=1. |
|
FLASH_ALLOWED |
0x0: entire region 0x1: 7/8 0x2: 3/4th 0x3: 1/2 0x4: 1/4th 0x5: 1/8th 0x6: 1/16th 0x7: nothing |
This field indicates what portion of the flash main region is accessible through the SYS_AP. Only a portion of flash starting at the bottom of the area is exposed. Valid only if SYS_DISABLE=0 and SYS_AP_MPU_ENABLE=1. |
Each of the protection states Normal, Secure, and Dead have a different setting to allow different access restrictions depending on the protection state. The three different restrictions for the protection states are referred to as Secure Access Restrictions (SAR), Normal Access Restrictions (NAR) and Dead Access Restrictions (DAR). The DAR settings are used if there is an error during the boot process.
The access restrictions just disable the debug ports, but firmware must enable the debug port and configure the GPIOs to the proper mode to work. If the debug ports are disabled with the access restrictions, the user will not be able to re-enable the ports. If you want any combination of the debug ports to be opened, you must not disable the debug port you want to be opened. By default, in the Normal protection state the boot firmware configures the port and the GPIOs so debugging and programming just work, if they have not been disabled in the access restrictions. The same goes for Dead protection state, since there is no way for the user to add any code for such a condition.
For the Secure protection state, by default if you do not disable all the ports, user software will need to setup the debug port and GPIO configuration. Although there are options that allow the port and GPIOs to be configured automatically at boot time. This will be covered in more detail in a later article about Table of Contents 2 (TOC2).
For a more detailed description of the debug ports and an example configuring them, refer to Infineon Application note AN221111 – PSoC™ 6 MCU: Designing a secured system.