Code protection is usually considered at the last step of the development stage. The purpose is to protect our code from being hacked once the product is released to market, for example by using ECRP to disable the SWD debug interface, disable ISP, disable mass erase, etc.
1. ECRP vs Legacy CRP
ECRP (Enhanced Code Read Protection) is named in contrast to the legacy CRP on early LPC devices. We can consider ECRP an advanced version of CRP.
Compared with CRP, ECRP adds new protection features:
− Block ISP via Pins
− Block ISP using IAP
− Block SWD
− Mass Erase enable/disable
− Sector protection
This table lists the differences between ECRP and CRP from the anti-tampering and flexibility points of view.
2. Understand and implement ECRP
ECRP allows the user to enable the features below:
− Protect FLASH from ISP Erase/Write
− Protect FLASH from IAP Erase/Write
− Enable/Disable ISP Entry from bootloader
− Enable/Disable ISP Entry from IAP call
− Enable/Disable SWD
It looks easy, but it is important to know that the ECRP feature is controlled by both the FLASH and the OTP configuration! The most restrictive combination of the two settings is the one that applies.
2.1 Where is FLASH ECRP:
ECRP is at offset 0x20 of the vector table and is of type uint32_t. We write to this address to set the FLASH ECRP protection. The valid bits of FLASH_ECRP are bits 0-17, and the default value is 0xFFFF_FFFF. For details, please see the user manual (UM).
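A release-gate check for the FLASH ECRP word described above, as an added example that is not NXP code: it reads the word at 0x20 of a raw image and compares its valid bits with the value the project intends to ship. It assumes the image starts with the vector table and is little-endian; the function names and sample values are constructed for illustration, and the OTP half of the configuration is not in the image, so it cannot be checked this way.

```python
import struct

ECRP_OFFSET = 0x20               # offset of FLASH ECRP in the vector table (from the text)
ECRP_VALID_MASK = (1 << 18) - 1  # bits 0-17 are the valid bits (from the text)
ECRP_DEFAULT = 0xFFFFFFFF        # default value (from the text)


def read_flash_ecrp(image):
    """Return the 32-bit FLASH ECRP word of a raw image.

    Assumption: the image begins with the vector table, little-endian.
    """
    if len(image) < ECRP_OFFSET + 4:
        raise ValueError("image too short to contain the ECRP word at 0x20")
    (word,) = struct.unpack_from("<I", image, ECRP_OFFSET)
    return word


def check_flash_ecrp(image, expected):
    """Compare the image's FLASH ECRP with the value chosen for release.

    `expected` is the project's intended setting, taken from the UM; no bit
    meanings are assumed here. Returns a list of findings (empty means OK).
    """
    try:
        word = read_flash_ecrp(image)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if word == ECRP_DEFAULT:
        findings.append("FLASH ECRP is still the default 0xFFFFFFFF")
    diff = (word ^ expected) & ECRP_VALID_MASK  # only bits 0-17 are compared
    if diff:
        bits = [b for b in range(18) if (diff >> b) & 1]
        findings.append(f"FLASH ECRP 0x{word:08X} differs from expected in bits {bits}")
    return findings


def make_image(ecrp):
    """Constructed sample: 64-byte dummy vector table with `ecrp` at 0x20."""
    table = bytearray(64)
    struct.pack_into("<I", table, ECRP_OFFSET, ecrp)
    return bytes(table)


if __name__ == "__main__":
    EXPECTED = 0xFFFC1234  # constructed placeholder, not a real setting
    for value in (0xFFFFFFFF, EXPECTED):
        print(hex(value), check_flash_ecrp(make_image(value), EXPECTED))
```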
2.2 Where is OTP ECRP
OTP is a non-volatile, write-once register. OTP is not FLASH and it can ONLY be written by an IAP function. The OTP ECRP configuration is in OTP bank 3. The default OTP ECRP value is 0.
2.3 FLASH ECRP + OTP ECRP Decide the Protection.
This table shows the combinations.
Here OTP ECRP is always set with higher priority than FLASH ECRP!
Here are typical ECRP settings
2.4 Pay Attention!
The part is permanently disabled when:
− On-chip image(s) are ruined
− SWD access is prohibited
− ISP entries are prohibited
Please be careful when testing the ECRP feature; a wrong operation may brick the chip!