LPC546XX ECRP problem

luimarma · ‎03-04-2024

I am developing an application that is making use of a second boot loader and I want to prevent access to the SWD interface and also protect the 4 first sectors of the flash to protect the bootloader.

Programming the ECRP in the startup file of my project with value 0x0001583B works fine, but if I try to activate the IAP erase/write protection with 0x0001583B, then the programming of the image fails and the lpc546xx is ruined.

I understand that after loading the image, then writing to the first 4 sectors will no longer be possible, but why is this happening on first image writing?

How can I program the IAP erase/write protection bits of ECRP if I cannot do it at compile time in the start up code?

Is anything wrong with the following?

void (* const g_pfnVectors[])(void) = {
    // Core Level - CM4
    &_vStackTop,                       // The initial stack pointer
    ResetISR,                          // The reset handler
    NMI_Handler,                       // The NMI handler
    HardFault_Handler,                 // The hard fault handler
    MemManage_Handler,                 // The MPU fault handler
    BusFault_Handler,                  // The bus fault handler
    UsageFault_Handler,                // The usage fault handler
    __valid_user_code_checksum,        // LPC MCU checksum
    (void (*)()) 0x0001543B,           // ECRP
    0,                                 // Reserved
    0,                                 // Reserved
    SVC_Handler,                       // SVCall handler
    DebugMon_Handler,                  // Debug monitor handler
    0,                                 // Reserved
    PendSV_Handler,                    // The PendSV handler
    SysTick_Handler,                   // The SysTick handler

What am I doing wrong?

frank_m · ‎03-04-2024

> I am developing an application that is making use of a second boot loader and I want to prevent access to the SWD interface and also protect the 4 first sectors of the flash to protect the bootloader.

I am not sure what exactly you want to achieve here.
My company has such second-stage bootloaders on almost all it's devices, of different architectures.
The protection is in the BL logic, which checks the addresses of the loaded firmware and just refused to touch sectors the BL itself resides in.
OTOH, those devices are built into heavy machinery, and as such not really prone to hacker / erverse engineering attacks. Your requirements might differ.

luimarma · ‎03-04-2024

What I want to achive is protecting from Erase/Write the first 4 blocks of the image from IAP access.

As you mentioned, the ECRP protection is in BL logic, at offset 0x20.

And it is supposed that at offset 0x20 I should have a "0" at bit 11, a "1" at bit 10 (to enable IAP Sector Erase/Write protection) and bits 0 to 5 should be 0x3b (to protect just the 4 first blocks).

But if I flash an image with bit 11 and bit 10 as related above, the image writing fails and the lpc54608 gets bricked.

I was expecting that after writing the image, the blocks get protected and the image would still work.

I hope that I have explained myself better now.

Any help is welcome.

Thanks in advance,

Alice_Yang · ‎03-05-2024

Hello @luimarma

"0x0001583B"

have a "0" at bit 11, a "1" at bit 10

->> While the two descriptions not the same.

Also Pay attention, your configuration ""0x0001583B"" also do not allow enter ISP mode.

BR

Alice

luimarma · ‎03-06-2024

Hello @Alice_Yang

About bits 13:12 and 15:14 I have it clear. We have an IAP routine to mass erase the LPC to be able to recover it for reflashing.

But still I dont understand why when we try to activate the IAP erase/wite protection at bits 11:10 then we cannot flash the image the first time. How can then bits 11:10 be programmed?

This is the process example that we follow:

Procedure 1:

1. LPC54608 is blank.

2. We build an image with ECRP 0x0001583B

3. We flash image built in step 2.

4. Flashing works and the LPC54608 is working.

Procedure 2:

1. LPC54608 is blank.

2. We build an image with ECRP 0x0001543B

3. We flash image built in step 2.

4. Flashing fails and the LPC54608 part is ruined.

Any hint?

Regards,

Luis

luimarma · ‎03-13-2024

@Alice_Yangcan you give some light to the question above?

Thanks in advance

Alice_Yang · ‎03-16-2024

Hello @luimarma

Change ECRP value need erase the entire flash firstly.

If user can change ECRP value without erase full flash, this setting is meaningless.

Others can change ECRP to do not protect, then read out flash data.

So before change ECRP, must erase all flash.

BR

Alice

frank_m · ‎03-04-2024

First, none of our devices is a LPCxx.
While some are Cortex M and some are other architectures, all have a feature equivalent to "CRP".
However, we do not use this CRP-like features, but leave this logic to the bootloader code.

To be honest, I have not tried IAP on the LPC54xxx MCUs.
But one common issue applies - Flash sector and bank setup.
While you can erase and write Flash on a per-sector basis, you cannot execute code from the same bank while IAP is ongoing, even it it is a different sector.
Some of our bootloaders need to relocate relevant code to RAM, and execute the erase/write code from there, for this reason.

Most Cortex M MCUs, especially smaller/less expensive variants, have only Flash bank. I would check the LPC54608 datasheet in this regard. Perhaps this is your problem.