MPC5777C Censorship Access

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

MPC5777C Censorship Access

ソリューションへジャンプ
1,625件の閲覧回数
jeffcampbell
Contributor III

Hi,

My group is currently trying to access an MPC5777C device that we've censored.  We know for sure that the JTAG password is programmed, as well as the password for PASS Group 0 and possibly Group 1, however it's my understanding that we can gain access with only one password.

The life cycle of the device is set to OEM Production.

We are using the Greenhills MULTI environment.  We've successfully been able to reset and halt the device by writing to the jtag_password_hi and jtag_password_lo registers.

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Additionally, we're having trouble accessing the CIN0-7 registers.  We've successfully written to the PASS_CHSEL register and have seen it change to acknowledge a new master, but writing the password to the CIN area has no effect.

Can someone help us better understand how to gain access to the device?

Thanks,

Jeff Campbell

P.S.  We figured this out for the most part, turned out it was a matter of having every password group loaded.

The question now, though, is exactly how password words map into CIN0-7.  The manual says that CIN0 matches with the MSB of the password.  Does this mean, for instance, that for Group 0, CIN0 corresponds to the value at 0x00400160?

Thanks again!

ラベル(1)
タグ(3)
0 件の賞賛
1 解決策
1,099件の閲覧回数
petervlna
NXP TechSupport
NXP TechSupport

Hello,

I am not familiar with GHS debugging tools (only with compiler).

However there is no known issue when you unlock memory with programmed JTAG password to censored device.

You are now in OEM production or in field life cycle with programed DCF censorship client (JTAG Password).

pastedImage_1.png

As you can see from above table the device is always read protected. Never only write protected. So without correct password you are not able even to read flash.

Before we can proceed further:

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Did you tried to use different debuggers? Like Lauterbach or PEMicro? Or just GHS probe?

Peter

元の投稿で解決策を見る

0 件の賞賛
2 返答(返信)
1,100件の閲覧回数
petervlna
NXP TechSupport
NXP TechSupport

Hello,

I am not familiar with GHS debugging tools (only with compiler).

However there is no known issue when you unlock memory with programmed JTAG password to censored device.

You are now in OEM production or in field life cycle with programed DCF censorship client (JTAG Password).

pastedImage_1.png

As you can see from above table the device is always read protected. Never only write protected. So without correct password you are not able even to read flash.

Before we can proceed further:

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Did you tried to use different debuggers? Like Lauterbach or PEMicro? Or just GHS probe?

Peter

0 件の賞賛
1,099件の閲覧回数
jeffcampbell
Contributor III

Peter,

Thanks for the quick response.  We only use the GHS probe, and will be in touch with Greenhills for further specific support there.

Thanks!

Jeff

0 件の賞賛