The following document contains information on Cypress products.

How to setup Flash Security
32-BIT MICROCONTROLLER
FM0+, FM3, and FM4 Families
APPLICATION NOTE

Publication Number FMx_AN706-00089-1v0-E
Revision 1.0
Issue Date July 01, 2014
CONFIDENTIAL

Revision History

Date        Issue
2014-07-01  V1.0; MWi; 1st version

Target products

This application note covers the following products:

Series  Product Number (not including package suffix)
FM0+    All products
FM3     All products
FM4     All products

Table of Contents

1. Introduction
   1.1 About Document
2. Mechanism of Flash Security
   2.1 Methods of setting Flash Security
3. Setting Flash Security by Project
   3.1 Procedure
       3.1.1 Assembly and Linker File for IAR EWARM
       3.1.2 Assembly File for KEIL µVISION
       3.1.3 Assembly and Linker File for Atollic TrueStudio
       3.1.4 Assembly and Linker File for GNU Compiler Environment
4. Setting Flash Security by Patching S-Record or HEX File
   4.1 S-Record File Format
   4.2 HEX File Format
5. Flash Security Sector Overview
   5.1 FM0+ Devices
   5.2 FM3 Devices
   5.3 FM4 Devices

1. Introduction

1.1 About Document

This application note describes how to set up the Flash Security for FM0+, FM3, and FM4 devices.

2. Mechanism of Flash Security

The default setting of any FMx-MCU is Flash Security disabled. In this mode the user has full access to the Flash memory from outside via Flash programming tools and JTAG debuggers. Once the Flash Security is enabled, the Flash contents can no longer be accessed from outside. Any read-out attempt returns 0x0000 values. The only way to unlock the Flash Security is to perform a Flash chip erase sequence via a Flash programming tool.
The Flash Security is not controlled by Boot-ROM or software – it is a part of the hardware macro of the Flash memory itself. The Flash Security is enabled if a certain data pattern (e.g. 0x0001) is written to a special Flash sector address.

2.1 Methods of setting Flash Security

Because the Spansion software examples and templates do not contain a Flash Security setting, this application note describes how to enable it. There are two ways of setting the Flash Security: by special project settings, or by patching the S-Record or HEX record file. In either case a Flash programming tool (serial/USB) has to be used to program the device and so enable the Flash Security, because the JTAG interface stops working once the Flash Security is set.

3. Setting Flash Security by Project

3.1 Procedure

The easiest way is to create a small assembly file with a memory section for the Flash Security sector. In this memory section the Flash Security pattern is defined as a constant. This assembly file is added to the project after the debugging phase, just before the final project build. The IAR EWARM and GCC tool chains also need a modification of their linker files. Afterwards use a Flash programming tool (serial/USB) to program the Flash memory with Flash Security enabled.

3.1.1 Assembly and Linker File for IAR EWARM

The following assembly code can be used for enabling the Flash Security. In this example the Flash Security sector address is 0x0010.0000 and the pattern is 0x0001:

            MODULE  FLASH_SECURITY
            SECTION .flashsec : CONST (2)
            DC16    0x0001
            END

The filename does not matter. It is not necessary to give it the same name as the assembly module name.
Edit the corresponding linker file (*.icf) and add the following lines:

    define region FLASH_SECURITY_region = mem:[from 0x00100000 to 0x00100003];
    define symbol FLASH_SECURITY_ADDRESS = 0x00100000;
    place at address mem:FLASH_SECURITY_ADDRESS { readonly section .flashsec };

Assuming the filename is flashsecurity.s, this section appears in the mapping file of the linker after the build like this:

    "A2":                                    0x4
      FLASHSEC      const    0x00100000      0x2  flashsecurity.o [1]
                           - 0x00100002      0x2

3.1.2 Assembly File for KEIL µVISION

The following assembly code can be used for enabling the Flash Security. In this example the Flash Security sector address is 0x0010.0000 and the pattern is 0x0001:

            AREA    |.ARM.__at_0x00100000|, DATA, READONLY
            DCB     0x01
            DCB     0x00
            END

The filename does not matter. Assuming the filename is flash_security.s, this section appears in the mapping file of the linker as:

    Load Region LR$$.ARM.__at_0x00100000 (Base: 0x00100000, Size: 0x00000004, Max: 0x00000004, ABSOLUTE)

      Execution Region ER$$.ARM.__at_0x00100000 (Base: 0x00100000, Size: 0x00000004, Max: 0x00000004, ABSOLUTE, UNINIT)

      Base Addr    Size         Type   Attr   Idx   E Section Name           Object
      0x00100000   0x00000002   Data   RO     83      .ARM.__at_0x00100000   flash_security.o

3.1.3 Assembly and Linker File for Atollic TrueStudio

The following assembly code can be used for enabling the Flash Security. In this example the Flash Security sector address is 0x0010.0000 and the pattern is 0x0001:

            .section .flashsecurity, "a"
            .global _flashsecurity
    _flashsecurity:
            .long   0x00000001

The filename does not matter.
Edit the corresponding linker file (*.ld) and add the FLASHSEC line to the MEMORY definition:

    /* Specify the memory areas */
    MEMORY
    {
      FLASH (rx)      : ORIGIN = 0x00000000, LENGTH = 512K
      RAM (xrw)       : ORIGIN = 0x1FFF8000, LENGTH = 64K
      FLASHSEC (r)    : ORIGIN = 0x00100000, LENGTH = 4      /* added for Flash Security */
      MEMORY_B1 (rx)  : ORIGIN = 0x60000000, LENGTH = 0K
    }

Add the .flashsecurity output section to the SECTIONS definitions, just before the RAM section definitions:

        . = ALIGN(4);
        _edata = .;        /* define a global symbol at data end */
      } >RAM AT> FLASH

      /* added for Flash Security */
      .flashsecurity :
      {
        . = ALIGN(4);
        _flashsecurity = .;
        KEEP(*(.flashsecurity))
        . = ALIGN(4);
      } >FLASHSEC

      /* Uninitialized data section */
      . = ALIGN(4);

Assuming the filename is flashsec.s, this section appears in the mapping file of the linker as:

    .flashsecurity  0x00100000        0x4
                    0x00100000                . = ALIGN (0x4)
                    0x00100000                _flashsecurity = .
     *(.flashsecurity)
     .flashsecurity 0x00100000        0x4 source/flashsec.o
                    0x00100004                . = ALIGN (0x4)

3.1.4 Assembly and Linker File for GNU Compiler Environment

Refer to the previous chapter (Atollic TrueStudio).

4. Setting Flash Security by Patching S-Record or HEX File

4.1 S-Record File Format

An S-Record line typically consists of the character 'S', the type of the line, the byte count of the data payload of this line, an address, the data payload, and a checksum byte. The type codes of S-Record lines are:

    Code  Description    Number of Address Bytes  Datafield
    S0    Block Header   2                        Yes
    S1    Data Payload   2                        Yes
    S2    Data Payload   3                        Yes
    S3    Data Payload   4                        Yes
    S5    Record Count   2                        No
    S7    End of Block   4                        No
    S8    End of Block   3                        No
    S9    End of Block   2                        No

It is a good idea to put the Flash security data before the last S-Record line (S7-9).

Assume the Flash security is enabled by setting 0x0001 to the address 0x0010.0000.
Then the additional S-Record line is:

    S20810000001000000E6

Detailed explanation of this line:

    Field                               Value
    Record start                        S
    Data Payload with 3 Byte Address    2
    Byte Count                          08
    3 Byte Address                      100000
    Data Payload (Big Endian)           01000000
    Check Sum                           E6

The checksum is calculated as follows: add all bytes after the Sn type and before the checksum byte itself. Take only the lower byte of the sum and invert it:

    0x08 + 0x10 + 0x01 = 0x19
    ~0x19 = 0xE6

(0x00 bytes are skipped in the calculation.)

4.2 HEX File Format

An Intel HEX line for 32 bit architectures typically consists of a colon, the byte count of the data payload of this line, an address, the type of the line, the data payload, and a checksum byte. The type codes of HEX lines are:

    Code  Description
    0x00  Data payload
    0x01  End of file
    0x02  Extended Segment Address
    0x03  Start Segment Address
    0x04  Extended Linear Address
    0x05  Start Linear Address

It is a good idea to put the Flash security data before the last HEX line, which is usually:

    :00000001FF

Assume the Flash security is enabled by setting 0x0001 to the address 0x0010.0000. Then the additional HEX lines are:

    :020000040010EA
    :0400000001000000FB

Detailed explanation of these lines:

    First line                          Value
    Data Count                          02
    Dummy Address                       0000
    Extended Linear Address             04
    Upper 16 Bit of Security Address    0010
    Check Sum                           EA

    Second line                         Value
    Data Count                          04
    Lower 16 Bit of Security Address    0000
    Data Line                           00
    Security Code Data (Big Endian)     01000000
    Check Sum                           FB

The checksum is calculated as follows: add all bytes after ':' and before the checksum byte itself. Take only the lower byte of the sum. Invert the sum and add 1. Example for the first line:

    0x02 + 0x04 + 0x10 = 0x16
    ~0x16 = 0xE9
    0xE9 + 0x01 = 0xEA

(0x00 bytes are skipped in the calculation.)

5. Flash Security Sector Overview

The following tables give an overview of the Flash Security sector address and its activation pattern.
Refer to the peripheral manual for cross reference between device type and part number.

5.1 FM0+ Devices

    Device Type  Flash Security address  Activation pattern
    0, 1         0x0010_0000             0x0001

5.2 FM3 Devices

    Device Type  Flash Security address  Activation pattern
    0            0x0010_0000             0x0001
    1            0x0010_0000             0x0001
    2            0x0010_0000             0x0001
    3            0x0010_0000             0x0001
    4            0x0010_0000             0x0001
    5            0x0010_0000             0x0001
    6            0x0010_0000             0x0001
    7            0x0010_0000             0x0001
    8            0x0010_0000             0x0001
    9            0x0010_0000             0x0001
    10           0x0010_0000             0x0001
    11           0x0010_0000             0x0001
    12           0x0040_0000             0x0001

5.3 FM4 Devices

    Device Type  Flash Security address  Activation pattern
    0            0x0040_0000             0x0001

FMx_AN706-00089-1v0-E
Spansion Controller Manual
FM0+, FM3, FM4 Families
32-BIT MICROCONTROLLER
All FM0+, FM3, FM4 Series
How to setup Flash Security
July 2014 Rev. 1.0
Published: Spansion Inc.
Edited: MCU Industrial Application Team

Colophon

The products described in this document are designed, developed and manufactured as contemplated for general use, including without limitation, ordinary industrial use, general office use, personal use, and household use, but are not designed, developed and manufactured as contemplated (1) for any use that includes fatal risks or dangers that, unless extremely high safety is secured, could have a serious effect to the public, and could lead directly to death, personal injury, severe physical damage or other loss (i.e., nuclear reaction control in nuclear facility, aircraft flight control, air traffic control, mass transport control, medical life support system, missile launch control in weapon system), or (2) for any use where chance of failure is intolerable (i.e., submersible repeater and artificial satellite).
Please note that Spansion will not be liable to you and/or any third party for any claims or damages arising in connection with above-mentioned uses of the products. Any semiconductor devices have an inherent chance of failure. You must protect against injury, damage or loss from such failures by incorporating safety design measures into your facility and equipment such as redundancy, fire protection, and prevention of over-current levels and other abnormal operating conditions. If any products described in this document represent goods or technologies subject to certain restrictions on export under the Foreign Exchange and Foreign Trade Law of Japan, the US Export Administration Regulations or the applicable laws of any other country, the prior authorization by the respective government entity will be required for export of those products.

Trademarks and Notice

The contents of this document are subject to change without notice. This document may contain information on a Spansion product under development by Spansion. Spansion reserves the right to change or discontinue work on any product without notice. The information in this document is provided as is without warranty or guarantee of any kind as to its accuracy, completeness, operability, fitness for particular purpose, merchantability, non-infringement of third-party rights, or any other warranty, express, implied, or statutory. Spansion assumes no liability for any damages of any kind arising out of the use of the information in this document.

Copyright © 2014 Spansion LLC. All rights reserved. Spansion®, the Spansion logo, MirrorBit®, MirrorBit® Eclipse™, ORNAND™ and combinations thereof, are trademarks and registered trademarks of Spansion LLC in the United States and other countries. Other names used are for informational purposes only and may be trademarks of their respective owners.
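
The patching steps of sections 4.1 and 4.2 can be scripted so that the checksums are computed rather than typed by hand. The following is an added example, not part of the original application note or of any Spansion tool; the function names and the two small sample images are constructed for illustration, and the script uses an S2 record and the payload bytes exactly as the note prints them.

```python
# Added example, not Spansion code: build the section 4 records and insert them.
SEC_ADDR = 0x00100000                  # security address used in the note's example
SEC_DATA = bytes.fromhex("01000000")   # payload bytes exactly as printed in the note

def srec_record(address, data, addr_len=3):
    """S1/S2/S3 data record for a 2/3/4-byte address (the note uses S2)."""
    body = bytes([addr_len + len(data) + 1]) + address.to_bytes(addr_len, "big") + data
    return "S%d%s%02X" % (addr_len - 1, body.hex().upper(), ~sum(body) & 0xFF)

def ihex_record(rec_type, offset, data):
    """Intel HEX record: count, 16-bit offset, type, data, two's-complement sum."""
    body = bytes([len(data)]) + offset.to_bytes(2, "big") + bytes([rec_type]) + data
    return ":%s%02X" % (body.hex().upper(), -sum(body) & 0xFF)

def ihex_security_records(address, data):
    """Extended Linear Address record (type 04) followed by the data record."""
    upper = (address >> 16).to_bytes(2, "big")
    return [ihex_record(0x04, 0, upper), ihex_record(0x00, address & 0xFFFF, data)]

def record_ok(line):
    """Recompute the checksum of one S-Record or Intel HEX line."""
    is_hex = line.startswith(":")
    try:
        raw = bytes.fromhex(line[1:] if is_hex else line[2:])
    except ValueError:
        return False
    return len(raw) > 1 and sum(raw) & 0xFF == (0x00 if is_hex else 0xFF)

def patch(text, address=SEC_ADDR, data=SEC_DATA):
    """Return the image with the security record(s) placed before its end record."""
    lines = text.split()
    if not lines or not all(record_ok(l) for l in lines):
        raise ValueError("empty image or record with a bad checksum")
    if lines[0].startswith(":"):
        new = ihex_security_records(address, data)
        ends = [i for i, l in enumerate(lines) if l[7:9] == "01"]
    else:
        new = [srec_record(address, data)]
        ends = [i for i, l in enumerate(lines) if l[:2] in ("S7", "S8", "S9")]
    if not ends:
        raise ValueError("no terminating record found")
    if any(lines[i:i + len(new)] == new for i in range(len(lines))):
        raise ValueError("security record(s) already present")
    return "\n".join(lines[:ends[-1]] + new + lines[ends[-1]:]) + "\n"

# Constructed two-record images (not from a real build) to try the functions on.
SAMPLE_HEX = ihex_record(0x00, 0, bytes.fromhex("0080FF1F")) + "\n:00000001FF\n"
SAMPLE_SREC = srec_record(0, bytes.fromhex("0080FF1F"), 2) + "\nS9030000FC\n"

if __name__ == "__main__":
    print(patch(SAMPLE_HEX), patch(SAMPLE_SREC), sep="")
```

For a device whose table entry in section 5 differs from the example, pass that address to `patch`; the image is rejected if any existing record fails its checksum or the security records are already in place.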