Code Read Protection with SWD?

phatpaul
Contributor III

I'm porting from Kinetis KL05 to LPC804 (due to availability).

On KL05 I enable Flash Security by setting FSEC[SEC] bits to 00.  That allows only mass-erase using the SWD debug port.

This is ideal because I can prevent the casual hacker from downloading the flash from my product, but if we find a firmware bug after chips have been flashed, we can mass-erase and re-flash them.

On LPC8x, I'm reading that if I enable "Code Read Protection" it will disable the SWD port.  I wasn't planning to use the ISP (UART bootloader). So am I unable to mass-erase and reflash a secured part from the SWD port?

Does this mean I need to expose both SWD and ISP pins to my debug header?  Seems like a lot of pins wasted.

xiangjun_rong
NXP TechSupport

Hi, Paul,

For LPC804, the SWD port being blocked means the SWD is blocked exactly; there is no backdoor like on Kinetis.

Please refer to Table 6 in UM11065.pdf. If you use CRP1, the SWD port is blocked; in ISP mode, you can erase all flash sectors, then download application code to flash again via SWD. This is similar to the Kinetis mass erase function in security mode.

So I suggest you keep the ISP function on your target board.

LPC804 link:

https://www.nxp.com/products/processors-and-microcontrollers/arm-microcontrollers/general-purpose-mc...

Hope it can help you

BR

XiangJun Rong

phatpaul
Contributor III

I think I can answer my own question.  I found an app note about CRP but for the LPC11 (not LPC8) but it looks like it is relevant. https://www.nxp.com/docs/en/application-note/AN10968.pdf

And I also found in startup\startup_lpc804.c

//*****************************************************************************
// Variable to store CRP value in. Will be placed automatically
// by the linker when "Enable Code Read Protect" selected.
// See crp.h header for more information
//*****************************************************************************
#include <NXP/crp.h>
__CRP const unsigned int CRP_WORD = CRP_NO_CRP ;

 

That includes NXP/crp.h, which explains it pretty clearly:

// Disables UART and USB In System Programming (reads and writes)
// Leaves SWD debugging, with reads and writes, enabled
#define CRP_NO_ISP    0x4E697370

// Disables SWD debugging & JTAG, leaves ISP with reads and writes enabled
// You will need UART connectivity and FlashMagic (flashmagictool.com) to reverse
// this. Don't even try this without these tools; most likely the SWD flash
// programming will not even complete.
// Allows reads and writes only to RAM above 0x10000300 and flash other than
// sector 0 (the first 4 kB). Full erase also allowed- again only through UART
// and FlashMagic (NO JTAG/SWD)
#define CRP_CRP1      0x12345678

// Disables SWD debugging & JTAG, leaves UART ISP with only full erase
// enabled. You must have UART access and FlashMagic before setting this
// option.
// Don't even try this without these tools; most likely the SWD flash
// programming will not even complete.
#define CRP_CRP2      0x87654321

/************************************************************/
/**** DANGER CRP3 WILL LOCK PART TO ALL READS and WRITES ****/
#define CRP_CRP3_CONSUME_PART 0x43218765
/************************************************************/

 

So it seems that I can't even program a production flash image with a SWD connection.

I hope my contract assembler can flash with ISP.

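A release-gate check for the CRP levels discussed in this thread, as an added example that is not code from the posts or from NXP: it reads the CRP word out of a built firmware image and refuses images that leave SWD open or that cannot be recovered by an ISP full erase. The function names are hypothetical, the interface effects follow the crp.h comments quoted above, and the CRP word offset 0x2FC is an assumption to confirm against UM11065.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* CRP patterns as quoted from NXP/crp.h in the thread above. */
#define CRP_NO_ISP            0x4E697370u
#define CRP_CRP1              0x12345678u
#define CRP_CRP2              0x87654321u
#define CRP_CRP3_CONSUME_PART 0x43218765u
/* Assumption: the CRP word sits at flash offset 0x2FC (confirm in UM11065). */
#define CRP_OFFSET 0x2FCu

typedef struct {
    const char *name;
    int swd_open;    /* a debugger can still attach over SWD */
    int isp_erase;   /* a full erase over UART ISP is still possible */
} crp_info;

/* Returns 0 on success, -1 if the image cannot contain the CRP word. */
int crp_classify(const uint8_t *img, size_t len, crp_info *out)
{
    if (img == NULL || out == NULL || len < CRP_OFFSET + 4u)
        return -1;
    /* The image is little-endian; assemble the word byte by byte. */
    uint32_t w = (uint32_t)img[CRP_OFFSET]
               | (uint32_t)img[CRP_OFFSET + 1] << 8
               | (uint32_t)img[CRP_OFFSET + 2] << 16
               | (uint32_t)img[CRP_OFFSET + 3] << 24;
    switch (w) {
    case CRP_NO_ISP:            *out = (crp_info){"NO_ISP", 1, 0}; break;
    case CRP_CRP1:              *out = (crp_info){"CRP1",   0, 1}; break;
    case CRP_CRP2:              *out = (crp_info){"CRP2",   0, 1}; break;
    case CRP_CRP3_CONSUME_PART: *out = (crp_info){"CRP3",   0, 0}; break;
    default:                    *out = (crp_info){"NO_CRP", 1, 1}; break;
    }
    return 0;
}

/* Release gate: flash must be protected (SWD closed) yet still recoverable. */
int crp_release_ok(const uint8_t *img, size_t len)
{
    crp_info i;
    return crp_classify(img, len, &i) == 0 && !i.swd_open && i.isp_erase;
}

int main(void)
{
    static uint8_t img[0x300];   /* constructed sample image, zero-filled */
    img[0x2FC] = 0x21; img[0x2FD] = 0x43; img[0x2FE] = 0x65; img[0x2FF] = 0x87; /* CRP2 */
    printf("release ok: %d\n", crp_release_ok(img, sizeof img));
    return 0;
}
```

Run against the final binary that goes to the contract assembler, this catches both an unprotected build (CRP_NO_CRP left in startup_lpc804.c) and an accidental CRP3 before any part is programmed.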