Code Protection

cancel
Showing results for 
Search instead for 
Did you mean: 

Code Protection

984 Views
trivedimanva
Contributor II

Hi,

I have completed my coding and now need to flash the code into the mcu but in such a way that no can have access to it or say no can copy code from the mcu again using SWD, UART, ISP & USB.

So, I need to know how do we flash the mcu in protected way for the production or market. Which NXP tool or third party tools we have to use for it.

Thanks in advance.

Labels (1)
17 Replies

571 Views
trivedimanva
Contributor II

Hi Kan,

Thanks for your response...!!!

It was okay.

I will look into and if found any issue I will update you for the same.

Thanks a lot for your support on the Code Protection : EEPROM CRP Level settings.

Thanks & Regards

Manva

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

You are welcome! Please kindly let me know if there is any further issue.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

571 Views
trivedimanva
Contributor II

Hi Kan_Li‌,

Sure I will let you know, If I have any further issues.

Thanks & Regards

Manva Trivedi

0 Kudos

571 Views
trivedimanva
Contributor II

Hi Kan_Li

Hello once again, From last week I am trying to set CRP Level 01 using your shared xml eeprom file.

Whenever I run the "user_ee.bat" file it generate the new "user_ee.bin" file & even I can also see those changed in the outputted .html file.

But problem is that when I load/flash the newly generated "user_ee.bin" file it not showing any indication in "CRP_00" file name as it has to show when we made the changes into the eeprom user_ee.xml file as per the document(UM10948
EEPROM Management of PN746X and PN736X, page number - 12, Table 2. Code and data protection level).

(For your reference I am sharing my user_ee.bin and xml file, please let me about the error if any)

I would request to share the sample code for the setting CRP level using the OTP(otp_Secrow) functions available.

While reading for my solution I have figured out some below function which already available :

1. phhalSysSer_OTP_SecrowConfig

2. phhalSysSer_OTP_SetSecrowLock

3. phhalSysSer_USB_PrimaryDnldConfig

As I mentioned earlier that, I am scared to implement code with above function because any wrong setting & configuration causes my MCU irreversible setting and I cant do anything after it.

So, I will very grateful, If you can share me the sample code using above available function which can directly implemented(Without making any changes into eeprom file) in main.c file.

Looking forward for your support & Response.

Thanks & Regards

Manva Trivedi

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

The "user_ee.bin" file has no relation with CRP level configuration, you should use phhalSysSer_USB_PrimaryDnldConfig(), just as I replied in the previous thread. This API would not brick the device, please feel free to use it according to the API user guide.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

571 Views
trivedimanva
Contributor II

Hi Kan_Li‌,

I have tried to develop the code for the Code Read and Write protection in application("phExccid") bin file, not in the EEPROM Bin file. So, that application bin didn't get copied if some one try to do it.

But after developing that code I am not able to get it(it normally get copied after applying such setting using API's).

After flashing that code in the PN7462, It allow to copy the application bin file(which I want to stop).

As you have shared the screenshot for the various "Code Read Protection" & "Code Write Protection" levels, In which I need to set the level 2 No Read Only Write is possible.

For your information here I am sharing function in which I have developed the function using the API's available in "phhalSysSer".

So, Please correct me & guide me if I have set the wrong parameter if any.

Looking forward for your support.

Thanks & Regards

Manva

Here is code below :

void CRP(void){

wStatus = phhalSysSer_USB_Config(PH_SYSRV_GET_DATA, &sUsbInfo);
/* Update Product ID. */
sUsbInfo.USBDesc_PID[0] = 0x01;
sUsbInfo.USBDesc_PID[1] = 0x68;
wStatus = phhalSysSer_USB_Config(PH_SYSRV_SET_DATA,
&sUsbInfo);


wStatus = phhalSysSer_USB_Config(PH_SYSRV_GET_DATA, &sUsbInfo);
/* Update Vendor ID. */
sUsbInfo.USBDesc_VID[0] = 0x25;
sUsbInfo.USBDesc_VID[1] = 0x2A;
wStatus = phhalSysSer_USB_Config(PH_SYSRV_SET_DATA,
&sUsbInfo);


wStatus = phhalSysSer_OTP_SecrowConfig(PH_SYSRV_GET_DATA,
&sSecrowConfig);
/* Block SWD. */
sSecrowConfig.bBlockSWD[0] = 1;
wStatus = phhalSysSer_OTP_SecrowConfig
(PH_SYSRV_SET_DATA, &sSecrowConfig);

wStatus = phhalSysSer_OTP_SecrowConfig(PH_SYSRV_GET_DATA,
&sSecrowConfig);
/* Enable Code Write Protection. */
sSecrowConfig.bEnableCWP[0] = 1;
wStatus = phhalSysSer_OTP_SecrowConfig
(PH_SYSRV_SET_DATA, &sSecrowConfig);


wStatus = phhalSysSer_USB_PrimaryDnldConfig(PH_SYSRV_GET_DATA,
&sPriDwnlCfg);
/* Disable primary download. */
sPriDwnlCfg.CRP_Level[0] = 1;
wStatus = phhalSysSer_USB_PrimaryDnldConfig
(PH_SYSRV_SET_DATA, &sPriDwnlCfg);

wStatus = phhalSysSer_OTP_SetSecrowLock();
}

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

Did you power cycle the board after that?

 

Note: Securing the chip, disabling the SWD, shall NOT be done at every power up. This caused issues in the past. so if it is done once by receiving a command,  that would be fine, just avoid doing it e.g. at every power up. 

BTW, if you use diff command to compare CRP_00.bin and CRP_01.bin, their contents are different.

pastedImage_1.png

and alternatively you may open these bin files by npp, and from the content view , you may find they are different , as the primary download just provides 0xff when CRP level is greater than 0.

pastedImage_3.png

pastedImage_4.png

Hope that helps,

Best Regards,

Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

571 Views
trivedimanva
Contributor II

Hi @Kan_Li,

I can understand from your file which you have shown that it is protected.

But what if, My file is get copied and same file is pasted in another MCU.

For Example, Consider that if someone has two another nxp mcu & also my board with my application developed. Now they can go into the USB MSD download mode can easily copy my developed code and past it in someone another board.

(I also know we can also disable the usb MSD mode, but I am in development phase so currently I cant block the usb msd mode, but need to protect my application bin file.)

So, that's why I am looking for the Code Read Protection.

Looking forward for your feedback.

Thanks

Manva

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

I am sorry, but I am confused with your example. if your application has already got copied by someone else, there is no meaning for the Code Read Protection. How to protect a file which has already been taken out? 

Would you please clarify?

Have a great day,
Kan

 


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

571 Views
trivedimanva
Contributor II

Hi Kan,

I already gone through all these details.

From the document I tried to develop & generate the code CRP level 01 for security, to do these I have used the user_ee.xml file to "add custom parameter" as mentioned in the UM10948 - PN7462 EEPROM Management (at Pg 8 and point 2.5).

But I am unable to get the updated changed file.

(I am not getting any page VII [UserBlock] in the html file after cross verifying it).

Please let me know whats the issue. 

And if possible, Can CRP changed from the firmware side directly without changing any file through xml files (Means any code level, function or register settings I have to done, then please share a sample for safety purpose otherwise my board will get wasted).

Looking forward for your kind support ... 

Thanks 

Manva

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

Actually I did as the the UM10948 and got the same result as it is, please kindly refer to the following for details.

pastedImage_1.png

I think your issue might be due to the xml format, so I attach my file here, please refer to the attachment for details.

Actually xml file is just used to define your own parameters in the EEPROM, so you may lock your application just once. You know, we provide ROM system services for that purpose, but some API should be used considering EEPROM erase/write limitations.

pastedImage_2.png

Please refer to 3.3 in UM10913 for more details.

Hope that helps,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

571 Views
trivedimanva
Contributor II

Hi Kan,

Thanks for response ....

I was also trying the same way to create page VII "UserBlock" using the xml, user_ee.xml file but unfortunately I was getting error and not able to get page VII.

Now I am getting it, Thanks once again for your support.

It will great of yours if can you share one of the sample the code for the SecRow(), OTP() functions and all which is done from the application code inside, Because I am afraid that If I made some wrong setting by mistake in the PN7462AU ROM then it will get block or something else.

So, I will request you, if you can share the sample of it for reference.

Looking forward for your support and responses ...

Best Regards

Manva 

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

Actually we have already provided a code snippet in UM10948 as below:

pastedImage_1.png

and if you want to protect the code and data from read, you should use the ROM system service:phhalSysSer_USB_PrimaryDnldConfig().because the following parameters locate in the NXP protected section. You can not use a xml file to get access to these parameters.

pastedImage_209.png

Prefer to the API guide, you may find the sample code as below:

pastedImage_131.png

Hope that helps,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

571 Views
trivedimanva
Contributor II

Hi Kan,

Is there any other method through which we can set the CRP level  =  01 in firmware side(without using XML file).

If possible then please share sample of it for reference & safety as well(because any hard changes in the CRP level may cause reversible settings into it)

Looking forward for your response.

Thanks & Regards

Manva

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

Which MCU are you referring to? Would you please specify?

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

571 Views
trivedimanva
Contributor II

Hi @Kan_Li

I am using PN7462AU Read IC and for code development MCUXpresso IDE.

Looking forward for your response.

Thanks 

Manva 

0 Kudos

571 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Manva,

You may disable the SWD interface to protect your application code. Please refer to the following for details.

pastedImage_1.png

Hope that helps,

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos