帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to edit the CMPA using Secure provisioning on MCXA156

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

How to edit the CMPA using Secure provisioning on MCXA156

跳至解决方案
3 周之前
376 次查看
rj_engineer
Contributor III

secure_provisioning_cmpa_error.png

In Secure provisioning CMPA configuration, the default values shows an error and using the fix button before writing doesn't work. Reading the FRDM-MCXA156 values only show 0xFFFFFFFF on every parameter. Also, the terminal doesn't show the blhost command used (it does when verifying the connection).

 

The question is :

How to properly use the CMPA configuration ?

标签 (1)
标签
0 项奖励
回复
1 解答

跳至解决方案
3 周之前
349 次查看
marek-trmac
NXP Employee
NXP Employee

Hi @rj_engineer 

Good question. If the processor is clear, there are 0xFF values in the whole flash and so the CMPA page is invalid and the flash configuration from CMPA is not applied. If you install CMPA using SEC tool, the flash access configuration will be applied and it is critical to set access rights properly.

There is not option allowing full flash access rights, so basically there is not "safe" default value. Each user needs to decide based on his application, what areas should be executable and what shall be read-only or shall be allowed for write. If the access right is not set properly, the processor will not boot.

This is the reason why SEC tool shows an error. The error is the "guide" to the configuration asking to be aware about the configuration and set it properly. To prevent to configure the processor into the state that it does not boot, SEC tool requires to set access right explicitly.

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button

在原帖中查看解决方案

0 项奖励
回复
7 回复数

跳至解决方案
3 周之前
350 次查看
marek-trmac
NXP Employee
NXP Employee

Hi @rj_engineer 

Good question. If the processor is clear, there are 0xFF values in the whole flash and so the CMPA page is invalid and the flash configuration from CMPA is not applied. If you install CMPA using SEC tool, the flash access configuration will be applied and it is critical to set access rights properly.

There is not option allowing full flash access rights, so basically there is not "safe" default value. Each user needs to decide based on his application, what areas should be executable and what shall be read-only or shall be allowed for write. If the access right is not set properly, the processor will not boot.

This is the reason why SEC tool shows an error. The error is the "guide" to the configuration asking to be aware about the configuration and set it properly. To prevent to configure the processor into the state that it does not boot, SEC tool requires to set access right explicitly.

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 项奖励
回复

跳至解决方案
3 周之前
336 次查看
rj_engineer
Contributor III

Hi marek,

Thank you for the quick answer.

 

To summarize what we understand :

  • 0xFF everywhere is the default state of the chip after manufacturing and isn't taken into account by the MCU
  • To program the CMPA we need to set at least one area as locked and make sure the user code don't use it

We also have a small doubt that we couldn't confirm in the reference manual:

Are the CMPA only one-time programmable?

0 项奖励
回复

跳至解决方案
3 周之前
330 次查看
marek-trmac
NXP Employee
NXP Employee

Hi again,

0xFF everywhere is the default state of the chip after manufacturing and CMPA isn't taken into account by the MCU

Correct!

To program the CMPA we need to set at least one area as locked and make sure the user code don't use it

Not true. You can set access to all regions to "ROM_RX_UNLOCKED" for example, which means the code can be executed, the flash can be read but the code cannot modify the flash (write not allowed). Unlocked means you can modify access in the runtime

Are the CMPA only one-time programmable?

In development life cycle, it is possible to update CMPA several times.

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 项奖励
回复

跳至解决方案
3 周之前
328 次查看
rj_engineer
Contributor III

Not true. You can set access to all regions to "ROM_RX_UNLOCKED" for example, which means the code can be executed, the flash can be read but the code cannot modify the flash (write not allowed). Unlocked means you can modify access in the runtime

Does is it mean that we can set all regions to full access if we set one in "ROM_RX_UNLOCKED"?

0 项奖励
回复

跳至解决方案
3 周之前
322 次查看
marek-trmac
NXP Employee
NXP Employee

Hi, which from the available options do you call "full access"?

marektrmac_1-1756969465067.png

 

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 项奖励
回复

跳至解决方案
3 周之前
318 次查看
rj_engineer
Contributor III

We refered to the "DEFAULT_RW_UNLOCKED" but after re-reading, it appear to be a misunderstanding on our side as it must mean only read and write access (not execute). That automatically answers my question.

 

I will mark your first answer as the accepted one.

 

Thank you for your time.

回复

跳至解决方案
3 周之前
312 次查看
marek-trmac
NXP Employee
NXP Employee

Thank you for your question. We will improve the SEC tool documentation to provide more info about the configuration.

Regards,
Marek


NOTE: If you find the answer useful, kindly click on [ACCEPT AS SOLUTION] button
0 项奖励
回复