DCF program in MPC5746B

cancel
Showing results for 
Search instead for 
Did you mean: 

DCF program in MPC5746B

20 Views
Contributor I

Dear all,

I have developed a CAN bootloader for my MPC5746B with S32 IDE. Everything is working ok and I can download and play my application.

Now I am trying to protect my device based on AN12092. I just want to insert a JTAG password. I have made some tests and running the code step by step I can program the JTAG password, DCFs and change the life cycle of the device. In this case, the device became censored as expected.

But when I try to run the bootloader without step by step mode, the code goes to the “IVOR1” exception after the “C55FMC.MCR.B.EHV = 1”. I’ve tried to treat the exception but didn't get success.

 

Can someone help me?

 

Here is the code for flash program:

 void _flash_program(uint32_t prog_addr, uint32_t data32_0, uint32_t data32_1)
{
/* clear lock */
//C55FMC.LOCK0.B.TSLOCK = 0;
C55FMC.LOCK0.R = 0;
C55FMC.LOCK1.R = 0;
C55FMC.LOCK2.R = 0;
C55FMC.LOCK3.R = 0;

C55FMC.MCR.B.PGM = 1;
WRITE32(prog_addr, data32_0);
WRITE32(prog_addr+4, data32_1);
C55FMC.MCR.B.EHV = 1;
while(C55FMC.MCR.B.DONE == 0);
C55FMC.MCR.B.EHV = 0;
C55FMC.MCR.B.PGM = 0;

/* set lock */
//C55FMC.LOCK0.B.TSLOCK = 1;
C55FMC.LOCK0.R = 0xFFFFFFFF;
C55FMC.LOCK1.R = 0xFFFFFFFF;
C55FMC.LOCK2.R = 0xFFFFFFFF;
C55FMC.LOCK3.R = 0xFFFFFFFF;
}

 

Here is the code for exception:

IVOR1_Handler:

prolog_IVOR1:

       e_stwu       r1,-0x50(r1)              ;// Create stack frame and store back chain         Store word with Update

       e_stw        r3,    0x24(r1)                   ;// Save working register                                  Store Word

 

       mfspr        r3, 571                                 ;// Get MCSRR1                                                            Move From Special Purpose Register

       e_stw        r3, 0x10(r1)              ;// and save CSRR1                                                Store Word

 

       mfspr        r3, 572                                                                                                                  //Move From Special Purpose Register

       mtspr        572, r3                                                                                                                  //Move To Special Purpose Register

 

                           ;// STEP 2: READ IACKR & RE-ENABLE INTERRUPTS

       e_stw        r0, 0x20(r1)              ;// Save another working register                          Store Word

       e_lis        r0, EER_exception_handler@h                                                                                //Load Immediate Shifted

       e_or2i       r0, EER_exception_handler@l                                                                                //OR (2operand) Immediate

 

                           ;// STEP 3: SAVE OTHER APPROPRIATE CONTEXT

       se_mflr             r3                                      ;// Get LR                                                               Move From Link Register

       e_stw        r3, 0x08(r1)              ;// and save LR                                                          Store Word

       mfspr        r3, 0x01                         ;// Get XER                                                               Move From Special Purpose Register

       e_stw        r3, 0x14(r1)              ;// and save XER                                                  Store Word

       se_mfctr     r3                                      ;// Get CTR                                                               Move From Count Register

       e_stw        r3, 0x18(r1)              ;// and save CTR                                                  Store Word

       mfcr         r3                                      ;// Get CR                                                                Move From Condition Register

       e_stw        r3, 0x1C(r1)              ;// and save CR

       e_stw        r4, 0x28(r1)              ;// Store GPR4

       e_stw        r5, 0x2C(r1)              ;// Store GPR5

       e_stw        r6, 0x30(r1)              ;// Store GPR6

       e_stw        r7, 0x34(r1)              ;// Store GPR7

       e_stw        r8, 0x38(r1)              ;// Store GPR8

       e_stw        r9, 0x3C(r1)              ;// Store GPR9

       e_stw        r10, 0x40(r1)                    ;// Store GPR10

       e_stw        r11, 0x44(r1)                    ;// Store GPR11

       e_stw        r12, 0x48(r1)                    ;// Store GPR12

 

                                  ;// STEP 4: DETERMINE INTERRUPT SOURCE

                                  ;// (Interrupt source's vector is in r0)

       se_mtlr             r0                                                                                                                              //Move To Link Register

 

       mfspr        r3,570              ;// Get CSRR0 and pass it to the C function                             Move From Special Purpose Register

       e_lhz        r4,0(r3)            ;// pass also the current instruction to the C function          Load Halfword and Zero

 

                                  ;// STEP 5: EXECUTE INTERRUPT SERVICE ROUTINE

       se_blrl                    ;// Go to vector, but return here                                                     Branch to Link Register [and Link]

 

epilog_IVOR1:

       mtspr        570,r3              ;// and restore the new CSRR0                                     Move To Special Purpose Register

 

                                  ;// STEP 6 :  RESTORE CONTEXT

       e_lwz        r0, 0x20(r1)                                                                                        //Load Word and Zero

       e_lwz        r4, 0x28(r1)              ;// Restore GPR4

       e_lwz        r5, 0x2C(r1)              ;// Restore GPR5

       e_lwz        r6, 0x30(r1)              ;// Restore GPR6

       e_lwz        r7, 0x34(r1)              ;// Restore GPR7

       e_lwz        r8, 0x38(r1)              ;// Restore GPR8

       e_lwz        r9, 0x3C(r1)              ;// Restore GPR9

       e_lwz        r10, 0x40(r1)                    ;// Restore GPR10

       e_lwz        r11, 0x44(r1)                    ;// Restore GPR11

       e_lwz        r12, 0x48(r1)                    ;// Restore GPR12

       e_lwz        r3, 0x14(r1)        ;// Get XER

       mfspr        r3, 0x01                  ;// and restore XER                                                                    Move From Special Purpose Register

       e_lwz        r3, 0x18(r1)        ;// Get CTR

       se_mtctr     r3                                ;// and restore CTR                                                                   Move To Count Register

       e_lwz        r3, 0x1C(r1)        ;// Get CR

       mtcrf        0xff, r3                  ;// and restore CR                                                                     Move to Condition Register Fields

       e_lwz        r3, 0x08(r1)        ;// Get LR

       se_mtlr             r3                                ;// and restore LR                                                                            Move To Link Register

       wrteei       0                                 ;// Disable interrupts until                                                          Write MSR External Enable Immediate

                                                             ;// end of routine

       ;e_lwz       r3, 0x0C(r1)        ;// Get CSRR0 from stack

       ;mtspr       58, r3                     ;// and restore SRR0

       e_lwz        r3, 0x10(r1)        ;// Get MCSRR1 from stack

       mtspr        571, r3                          ;// and restore MCSRR1

       e_lwz        r3, 0x24(r1)        ;// Restore R3

       e_addi       r1, r1, 0x50        ;// Clean up stack                                                                     Add Immediate Carrying [and Record]

 

                                               ;// STEP 7:  Return to Program

       se_rfmci                         ;// End of Interrupt                                                                   Return From Machine Check Interrupt

 

///----------------------------------------------------------------------------------------------

/// exception handler for EER/RWE error

///----------------------------------------------------------------------------------------------

uint32_t EER_exception_handler(uint32_t return_address, uint16_t instruction)

{

       if ((instruction & 0x9000) == 0x1000)

       {

             // first 4 Bits have a value of 1,3,5,7

             return_address += 4;    // instruction was 32 bit

       }

       else

       {

             // first 4 Bits have a value of 0,2,4,6,8,9,A,B,C,D,E (and F, but F is reserved)

             return_address += 2;    // instruction was 16 bit

       }

 

       if (C55_REG_BIT_TEST(C55_REG_BASE + C55_MCR, C55_MCR_RWE) == C55_MCR_RWE)

    {

             C55_REG_BIT_SET(C55_REG_BASE + C55_MCR, C55_MCR_RWE);

    }

    if (C55_REG_BIT_TEST(C55_REG_BASE + C55_MCR, C55_MCR_EER) == C55_MCR_EER)

    {

       C55_REG_BIT_SET(C55_REG_BASE + C55_MCR, C55_MCR_EER);

    }

    return return_address;

}

Labels (1)
0 Kudos
1 Reply

11 Views
NXP Employee
NXP Employee

Hi,

How did you censor the device?

You censor just JTAG access or also the serial interface?

Which JTAG debugger do you use?

So when the debugger is connected you can execute code step by step? And when not, you are running into IVOR1?

 

regards,

Peter

0 Kudos