Code protection is usually considered at the last step during developing stage. The purpose is to protect our code being hacked when the product is released to market. For example, using ECRP to disable SWD debug interface, disable ISP, disable mass erase, etc.
ECRP (Enhanced Code Read Protection) is versus legacy CRP on early LPC devices. We can consider ECRP as an advanced version of CRP.
Comparing with CRP, ECRP adds new protection features:
− Block ISP via Pins
− Block ISP using IAP
− Block SWD
− Mass Erase enable/disable
− Sector protection
This table lists the difference of ECRP vs. CRP from Anti-Tampering and Flexible view.
ECRP allows user to tenable below features:
− Protect FLASH from ISP Erase/Write
− Protect FLASH from IAP Erase/Write
− Enable/Disable ISP Entry from bootloader
− Enable/Disable ISP Entry from IAP call
− Enable/Disable SWD Enable/Disable
It looks easy but it is important to know that ECRP feature is controlled by both FLASH and OTP configuration! The most restrictive combination in both setting is needed
ECRP is at 0x20 of vector table, it’s uint32_t type. We write to this address to set FLASH ECRP protection. The valid bits of FLASH_ECRP is 0-17bit, and the default value is 0xFFFF_FFFF. For detail, please see UM.
OPT is a non-volatile and write-once register. OTP is not FLASH and it can be ONLY written by IAP function. OPT ECRP configuration is at OPT bank 3. The default OTP ECRP value is 0.
See this table to show the combination.
Here OTP ECRP is always set with higher priority than FLASH ECRP!
Here is typical ECRP settings
The part is permanently disabled when
Please be attention when testing ECRP feature, mis-operation may make the chip brick!