I'm porting from Kinetis KL05 to LPC804 (due to availability).
On KL05 I enable Flash Security by setting FSEC[SEC] bits to 00. That allows only mass-erase using the SWD debug port.
This is ideal because I can prevent the casual hacker from downloading the flash from my product, but if we find a firmware bug after chips have been flashed, we can mass-erase and re-flash them.
On LPC8x, I'm reading that if I enable "Code Read Protection" it will disable the SWD port. I wasn't planning to use the ISP (UART bootloader). So am I unable to mass-erase and reflash a secured part from the SWD port?
Does this mean I need to expose both SWD and ISP pins to my debug header? Seems like a lot of pins wasted.
Hi, Paul,
For LPC804, the SWD port being blocked means the SWD is blocked exactly; there is no backdoor like on Kinetis.
Please refer to Table 6 in UM11065.pdf. If you use CRP1, the SWD port is blocked; in ISP mode, you can erase all flash sectors, then download application code to flash again via SWD. This is similar to the Kinetis mass erase function in security mode.
So I suggest you keep the ISP function on your target board.
LPC804 link:
Hope it can help you
BR
XiangJun Rong
I think I can answer my own question. I found an app note about CRP for the LPC11 (not LPC8), but it looks like it is relevant. https://www.nxp.com/docs/en/application-note/AN10968.pdf
And I also found in startup\startup_lpc804.c
```c
//*****************************************************************************
// Variable to store CRP value in. Will be placed automatically
// by the linker when "Enable Code Read Protect" selected.
// See crp.h header for more information
//*****************************************************************************
#include <NXP/crp.h>
__CRP const unsigned int CRP_WORD = CRP_NO_CRP ;
```
That includes NXP/crp.h, which explains it pretty clearly:
```c
// Disables UART and USB In System Programming (reads and writes)
// Leaves SWD debugging, with reads and writes, enabled
#define CRP_NO_ISP 0x4E697370

// Disables SWD debugging & JTAG, leaves ISP with reads and writes enabled
// You will need UART connectivity and FlashMagic (flashmagictool.com) to reverse
// this. Don't even try this without these tools; most likely the SWD flash
// programming will not even complete.
// Allows reads and writes only to RAM above 0x10000300 and flash other than
// sector 0 (the first 4 kB). Full erase also allowed, again only through UART
// and FlashMagic (NO JTAG/SWD)
#define CRP_CRP1 0x12345678

// Disables SWD debugging & JTAG, leaves UART ISP with only full erase
// enabled. You must have UART access and FlashMagic before setting this
// option.
// Don't even try this without these tools; most likely the SWD flash
// programming will not even complete.
#define CRP_CRP2 0x87654321

/************************************************************/
/**** DANGER CRP3 WILL LOCK PART TO ALL READS and WRITES ****/
#define CRP_CRP3_CONSUME_PART 0x43218765
/************************************************************/
```
So it seems that I can't even program a production flash image with a SWD connection.
I hope my contract assembler can flash with ISP.
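An added example, not part of the thread or of NXP's code: a release-gate check that reads the CRP word out of a raw flash image and accepts only CRP1 or CRP2, the two levels in the quoted crp.h that close SWD while keeping full erase over UART ISP. The 0x2FC offset, the treatment of any other value as unprotected, and all function names are assumptions; confirm the offset in UM11065.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Values quoted from NXP/crp.h in the post above. */
#define CRP_NO_ISP            0x4E697370u
#define CRP_CRP1              0x12345678u
#define CRP_CRP2              0x87654321u
#define CRP_CRP3_CONSUME_PART 0x43218765u
#define CRP_OFFSET            0x2FCu /* assumption: confirm against UM11065 */
typedef enum { CRP_NONE, CRP_ISP_OFF, CRP_L1, CRP_L2, CRP_L3, CRP_TRUNCATED } crp_level;

/* Decode the little-endian CRP word of a raw flash image and classify it. */
crp_level crp_classify(const uint8_t *img, size_t len)
{
    if (img == NULL || len < CRP_OFFSET + 4u) return CRP_TRUNCATED;
    const uint8_t *p = img + CRP_OFFSET;
    uint32_t w = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    switch (w) {
    case CRP_NO_ISP:            return CRP_ISP_OFF;
    case CRP_CRP1:              return CRP_L1;
    case CRP_CRP2:              return CRP_L2;
    case CRP_CRP3_CONSUME_PART: return CRP_L3;
    default:                    return CRP_NONE; /* assumption: other values = unprotected */
    }
}

/* Release policy for the goal in this thread: SWD closed, full erase over
 * UART ISP still possible. Only CRP1 and CRP2 satisfy both. */
int crp_release_ok(const uint8_t *img, size_t len)
{
    crp_level l = crp_classify(img, len);
    return l == CRP_L1 || l == CRP_L2;
}

/* Write a CRP word into an image buffer, little-endian (used for the demo). */
void crp_put(uint8_t *img, uint32_t w)
{
    for (int i = 0; i < 4; i++) img[CRP_OFFSET + i] = (uint8_t)(w >> (8 * i));
}
int main(void)
{
    static uint8_t img[1024];               /* constructed image, not real firmware */
    memset(img, 0xFF, sizeof img);          /* erased flash reads as 0xFF */
    crp_put(img, CRP_CRP3_CONSUME_PART);
    printf("CRP3 image release_ok=%d\n", crp_release_ok(img, sizeof img));
    return 0;
}
```

Running this over the production .bin before it goes to the contract assembler catches an image built with CRP left at its default or set to CRP3 by mistake.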