帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

MPC5777C Censorship Access

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

MPC5777C Censorship Access

跳至解决方案
‎05-18-2017 06:44 AM
2,292 次查看
jeffcampbell
Contributor III

Hi,

My group is currently trying to access an MPC5777C device that we've censored.  We know for sure that the JTAG password is programmed, as well as the password for PASS Group 0 and possibly Group 1, however it's my understanding that we can gain access with only one password.

The life cycle of the device is set to OEM Production.

We are using the Greenhills MULTI environment.  We've successfully been able to reset and halt the device by writing to the jtag_password_hi and jtag_password_lo registers.

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Additionally, we're having trouble accessing the CIN0-7 registers.  We've successfully written to the PASS_CHSEL register and have seen it change to acknowledge a new master, but writing the password to the CIN area has no effect.

Can someone help us better understand how to gain access to the device?

Thanks,

Jeff Campbell

P.S.  We figured this out for the most part, turned out it was a matter of having every password group loaded.

The question now, though, is exactly how password words map into CIN0-7.  The manual says that CIN0 matches with the MSB of the password.  Does this mean, for instance, that for Group 0, CIN0 corresponds to the value at 0x00400160?

Thanks again!

标签 (1)
标签
标记 (3)
0 项奖励
回复
1 解答

跳至解决方案
‎05-19-2017 02:55 AM
1,766 次查看
petervlna
NXP TechSupport
NXP TechSupport

Hello,

I am not familiar with GHS debugging tools (only with compiler).

However there is no known issue when you unlock memory with programmed JTAG password to censored device.

You are now in OEM production or in field life cycle with programed DCF censorship client (JTAG Password).

pastedImage_1.png

As you can see from above table the device is always read protected. Never only write protected. So without correct password you are not able even to read flash.

Before we can proceed further:

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Did you tried to use different debuggers? Like Lauterbach or PEMicro? Or just GHS probe?

Peter

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎05-19-2017 02:55 AM
1,767 次查看
petervlna
NXP TechSupport
NXP TechSupport

Hello,

I am not familiar with GHS debugging tools (only with compiler).

However there is no known issue when you unlock memory with programmed JTAG password to censored device.

You are now in OEM production or in field life cycle with programed DCF censorship client (JTAG Password).

pastedImage_1.png

As you can see from above table the device is always read protected. Never only write protected. So without correct password you are not able even to read flash.

Before we can proceed further:

We can read flash memory at this point using the "memory view" window.  However, when we try to download a program over the debugger, it seems to fail to read memory at all (i.e. the probe thinks a block is erased when it is actually populated).

Did you tried to use different debuggers? Like Lauterbach or PEMicro? Or just GHS probe?

Peter

0 项奖励
回复

跳至解决方案
‎05-19-2017 05:30 AM
1,766 次查看
jeffcampbell
Contributor III

Peter,

Thanks for the quick response.  We only use the GHS probe, and will be in touch with Greenhills for further specific support there.

Thanks!

Jeff

0 项奖励
回复