Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
RebeccaWalter1
Level 1
Level 1
5 sign-ins First reply posted First question asked

Hello together,

I have a small problem: I would like to prevent the reading of the flash via the debug PINs.
I am using the CYBLE-416045-02, which is running a tested bootloader and an application.
To restrict the access via the debug PINs in normal mode, I have to configure the NAR settings in the sFlash.
I have done this in the bootloader code as follows:

NARsettings.PNG

I generate a merged hex file consists of the bootloader, application and the NAR settings

hexfile.PNG

In the PSoC Programmer GUI I selected in the Memory Types Main Flash, WFlash and SFlash. And programmed the microcontroller but it failed!!

PSoCProgrammer fail.PNG

I am still able to read out the hole memory. In the NAR sections the following bits are set:

NAR setting in sFlash.PNG

Is it possible to restrict the acsess of the DebugPINs, while programming over those PINs?

If yes, what did i wrong?

Thanks for your help!

0 Likes
1 Solution
Pushyanth_K
Moderator
Moderator
Moderator
100 sign-ins 10 solutions authored 50 replies posted

You have to disable all the Access Ports to prevent reading of flash using. ACCESS_RESTRICT0 contains the restrictions for Access Ports. Setting it to 0xff will disable the access to the flash. But once it is disabled, it is not possible to enable them back since the system call functionality allows setting NAR to only more restrictive. 

View solution in original post

0 Likes
3 Replies
Pushyanth_K
Moderator
Moderator
Moderator
100 sign-ins 10 solutions authored 50 replies posted

Hi @RebeccaWalter1 ,

 

The Normal Access Restrictions defined in the application and the one that is generated as hex looks different, for ACCESS_RESTRICT0, all the Access Ports are disabled(0b111), MPU is enabled(0b1), SFLASH access is disabled(0b11)  and MMIO is disabled(0b11), so the first byte of 0x16001A00 should be "0xff", but in the hex file you have provided it showing as "0x01". 

 

For programming NAR, 1st byte (0x16001A00) is for ACCESS_RESTRICT0, 2nd byte (0x16001A01) is for ACCESS_RESTRICT1. Please check the implementation in your side if everything is done correctly. For more information on Debug Access Restrictions, refer: PSoC_6_MCU_designing_a_custom_secured_system Section 9 - Debug Port Access Settings.

 

Best Regards,

Pushyanth

0 Likes
RebeccaWalter1
Level 1
Level 1
5 sign-ins First reply posted First question asked

Hi Pushyanth, 

i found my mistake. 

Which bits do I have to set to block the reading of the flash via the DebugPINs?

Do i really need to write 0xff and 0xff?

0 Likes
Pushyanth_K
Moderator
Moderator
Moderator
100 sign-ins 10 solutions authored 50 replies posted

You have to disable all the Access Ports to prevent reading of flash using. ACCESS_RESTRICT0 contains the restrictions for Access Ports. Setting it to 0xff will disable the access to the flash. But once it is disabled, it is not possible to enable them back since the system call functionality allows setting NAR to only more restrictive. 

0 Likes