- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
reliability of using flash for storage.
01-29-2009
05:40 AM
5,085 次查看
I have a question for the experts here.
I want to use part of the flash in a S08JM60 to log data on an occaisional basis. I won't be wearing out the flash, so that's not a problem.
I will have a bootloader (AN2295) for updating the application, so locking the flash segment where the app resides is not possible. (unless I misunderstand the flash block protection mechanism)
How reliable is the flash writing process? Is it risky to do this without having the flash block protection?
What's the collective wisdom on this?
Thanks!
Bob
I want to use part of the flash in a S08JM60 to log data on an occaisional basis. I won't be wearing out the flash, so that's not a problem.
I will have a bootloader (AN2295) for updating the application, so locking the flash segment where the app resides is not possible. (unless I misunderstand the flash block protection mechanism)
How reliable is the flash writing process? Is it risky to do this without having the flash block protection?
What's the collective wisdom on this?
Thanks!
Bob
14 回复数
01-29-2009
09:56 AM
2,546 次查看
Given that with the 9S08 you cannot update applications in protected Flash because there is no way to temporarily un-protect it (even if using the backdoor -- I still haven't figured out what the real benefit for the backdoor mechanism is if it can't do this one basic thing), there is no way around putting the app into unprotected space (assuming you use a bootloader for app updates, that is).
So the only 'risky' aspect of using unprotected Flash is if your code has 'bugs' and attempts to write over portions of Flash that aren't supposed to be written (eg. code segment, sensitive data, etc). Good code design can make this an impossibility.
Besides that, there is always the risk of writing to Flash while the power goes off, but this can be taken care of with various hardware and/or software methods.
Message Edited by tonyp on 2009-01-29 10:59 AM
So the only 'risky' aspect of using unprotected Flash is if your code has 'bugs' and attempts to write over portions of Flash that aren't supposed to be written (eg. code segment, sensitive data, etc). Good code design can make this an impossibility.
Besides that, there is always the risk of writing to Flash while the power goes off, but this can be taken care of with various hardware and/or software methods.
Message Edited by tonyp on 2009-01-29 10:59 AM
01-29-2009
04:36 PM
2,546 次查看
What do you mean by this sentence?
"Besides that, there is always the risk of writing to Flash while the power goes off, but this can be taken care of with various hardware and/or software methods."
I am really interested in flash reliability when power goes off. I hope you can share with me a little more information about this subject.
Regards,
Jaime
"Besides that, there is always the risk of writing to Flash while the power goes off, but this can be taken care of with various hardware and/or software methods."
I am really interested in flash reliability when power goes off. I hope you can share with me a little more information about this subject.
Regards,
Jaime
01-29-2009
04:43 PM
2,546 次查看
I think you misunderstood. There is no reliability issue with the power being off. The issue is if while you're actually writing to Flash you lose power. Then you may end up with corrupted memory, if not careful.
01-29-2009
10:40 AM
2,546 次查看
Backdoor allows to unsecure the part, not to write-unprotect it. Benefits? Say you use chip security and receive some board with very strange failure. What if you need to read eeprom-flash settings that are not accessible over sci or something like that? Or verify if flash is programmed ok. Or what if after field tests (with secured chip), you want to debug without erasing all calibration data? Backdoor comes to help. The only problem - how to tell target what backdoor key is? There must be some communications channel (sci, iic etc), unless backdoor key is known to the firmware and you use some secret procedure to trigger backdoor unsecure.
To answer OP, FPROT register can be written to increase the size of protected flash. You bootloader may have NV write protection register set to protect just the bootloader. Then just before bootloader jumps to application code, or in applications startup, there could be a write to FPROT to protect whole flash or whole flash minus flash data area.
01-29-2009
10:59 AM
2,546 次查看
About the backdoor, this is all fine and dandy but most of what you describe is not something you can't do with a simple dump utility from within your code. A backdoor should be able to go beyond what you can do in software. If the MCU is in good enough condition to run code (and it must be to be able to run the backdoor procedure itself), then the code can also provide some secret or 'PIN-enabled' method to provide all that debugging info you're talking about. Another problem with backdoor is that all BDM equipment out there (that I know of) don't have a method of entering Background mode after a backdoor sequence. They seem to assume that they have to have full control and always start by resetting which cancels the backdoor.
Anyway, I'm not saying Backdoor is totally useless, only that I don't see any real benefit for it.
Now, regarding:
Message Edited by tonyp on 2009-01-29 12:00 PM
Anyway, I'm not saying Backdoor is totally useless, only that I don't see any real benefit for it.
Now, regarding:
I believe FPROT is not user writable (at least not in all MCU derivatives, don't know about the specific MCU mentioned). FPROT becomes loaded automatically with NVPROT which is always in protected space if you have protected the bootloader, above any code. So, I don't see how this would work.To answer OP, FPROT register can be written to increase the size of protected flash. You bootloader may have NV write protection register set to protect just the bootloader. Then just before bootloader jumps to application code, or in applications startup, there could be a write to FPROT to protect whole flash or whole flash minus flash data area.
Message Edited by tonyp on 2009-01-29 12:00 PM
01-29-2009
11:26 AM
2,546 次查看
Codewarrior debugger, at least for S12 one, has special option, that allows to debug after backdoor unsecure. Option is called "At connection, the target is running (hot plugging)".
FPROT is user writeable. At least S12C, S08QE and many other quite fresh parts grant FPROT writes that increase protection. You can't unprotect what's protected, but you can protect more than protected at the moment. Very useful feature.
Message Edited by kef on 2009-01-29 01:19 PM
01-29-2009
03:06 PM
2,546 次查看
Below is an excerpt from the S08JM documentation:
4.7.4 Flash Protection Register (FPROT and NVPROT)
During reset, the contents of the nonvolatile location NVPROT is copied from flash into FPROT. This
register may be read at any time, but user program writes have no meaning or effect. Background debug
commands can write to FPROT.
So, sadly I cannot manipulate the FPROT register. That said, the code will be very 'tight' regarding erasing and writing the flash, and the RAM routine will be refreshed each time I run the flash routines.
Are there any other issues? Will the LVI mechanism prevent the chip from shooting its foot off in case of a power fail? This should be very unlikely, as the app monitors the raw power supply and can stop the flash routines long before we have a power problem.
Thanks!
Bob
01-29-2009
05:32 PM
2,546 次查看
Hm, I thought new parts should be not worse than predecessors. Maybe FSL started JM long before than QE, or copypasted existing flash module.
Well, if FPROT is not writeable, then maybe try to avoid setting FCDIV until write is required. Programming before FCDIV is initialized should cause FACCERR error and work like poor write protection. If write to flash sessions are rare, then consider resetting MCU and keep FCDIV not set until next write session?
If something goes wrong, then bootloader should be able to start in any case. Checksuming application code and staying in bootloader when checksum fails is a good idea. At least user would be maybe able to reflash his device, not the same like dead device.
01-29-2009
05:40 PM
2,546 次查看
I suppose it could be a misprint in the datasheet as well. I'll cross my fingers until I get a chance to test it.
The FCDIV is a cool idea. I will see if that fits into the scheme of things.
I guess my only real worry is an inadvertent power fail in the middle of writing. If the VCC drops when the chip is in the middle of a flash routine, is there any way if could erase or corrupt the wrong sector?
Bob
01-29-2009
11:50 PM
2,546 次查看
Hello Bob,
If you check the Vcc level just prior to each erase or write, it is unlikely there would be an issue, provided you have sufficient bulk capacitance connected between Vdd and Vss to maintain adequate voltage. The worst case period is 20 milliseconds for sector erase.
If the device you are using has LVW, in addition to LVD, this might be used for early voltage sensing. The LVW flag might even be tested within the command completion wait loop, and the erase command aborted if the flag becomes set.
An even earlier warning could be achieved by monitoring the input voltage to the regulator, using ADC channel or comparator.
Regards,
Mac
If you check the Vcc level just prior to each erase or write, it is unlikely there would be an issue, provided you have sufficient bulk capacitance connected between Vdd and Vss to maintain adequate voltage. The worst case period is 20 milliseconds for sector erase.
If the device you are using has LVW, in addition to LVD, this might be used for early voltage sensing. The LVW flag might even be tested within the command completion wait loop, and the erase command aborted if the flag becomes set.
An even earlier warning could be achieved by monitoring the input voltage to the regulator, using ADC channel or comparator.
Regards,
Mac
01-30-2009
04:28 AM
2,546 次查看
I monitor raw supply voltage before a 1000uf filter cap (separated by a diode, I can tell when the input power is switched off.) So I should have plenty of warning.
Additionally, I will only be writing during the critical period, so no erase (20ms) delays will be occurring.
I feel more confident now, I didn't want to put a serial flash chip in there when there is a lot of space free in the CPU.
Bob
Additionally, I will only be writing during the critical period, so no erase (20ms) delays will be occurring.
I feel more confident now, I didn't want to put a serial flash chip in there when there is a lot of space free in the CPU.
Bob
01-29-2009
10:34 AM
2,546 次查看
The main risk is that you have to run the flash writing code from RAM. Hardened engineers consider RAM as unreliable, especially over time. That is, you shouldn't rely on the contents of the RAM to be preserved without corruptions for hours/days/weeks/years. The solution is easy: simply copy-down the code to RAM before each flash write. If you are serious, you also include a checksum with it.
