FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S32K312 TCM backdoor acess method problem

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K312 TCM backdoor acess method problem

‎07-16-2024 02:11 AM
2,476 Views
feman5012
Contributor II

Hello NXP experts,

As listed in RM 21 / 4649, Figure 6. Block diagram – S32K312,  No backdoor access method available for CM7_0, but in the memory map, there'are TCM back door address.

feman5012_0-1721120612414.png

feman5012_1-1721120728452.png

And I can access the ITCM backdoor address, to change value of variables. My question is

for S32K312, M7_0 core accessing TCM backdoor is realized by direct mode instead of backdoor mode, as you can see no backdoor switch is listed in the block diagram, while like 

the blelow chips, there're rea switches around the TCM for user to select the backdoor mode.

page 22 / 4649, Figure 7. Block diagram – S32K322, S32K342 and S32K341, 

feman5012_2-1721120948337.png

 

Look forward  to your professional response.

 

 

 

0 Kudos
Reply
6 Replies

‎01-23-2025 07:46 AM
1,643 Views
mohamed_abdelrazek13
Contributor II

@feman5012   Hi , i got the same result when i tried to make ED_gaskets_CM7_0 test on S32k312.

Did you get any solution from NXP ? 

0 Kudos
Reply

‎07-19-2024 04:19 AM
2,434 Views
davidtosenovjan
NXP TechSupport
NXP TechSupport

Red arrows do no show backdoor access, it shows running in split-lock configuration i.e. running in decoupled or lockstep mode.

Backdoor access marked below by yellow:

davidtosenovjan_1-1721387817996.png

 

 

 

0 Kudos
Reply

‎07-21-2024 07:47 PM
2,387 Views
feman5012
Contributor II

Hello David,

 

I get your point. Previously I misunderstood the backdoor path. The reason I'm curious about the backdoor access method is dueo to  the TCM error injection.  TCM error inejction will use the backdoor address to write and read the same address. During this write and read, Specific EIM channel will invert 1 bit in the data path or address path, and XBIC will detect this kind of error thru the below red marked " Crossbar Integrity Checker (TCM backdoor AHB Splitter)", the below picture is truncted from Figure 7. Block diagram – S32K322, S32K342 and S32K341, page 22 / 4649. 

feman5012_0-1721615666138.png

 

However for Figure 6. Block diagram – S32K312, no Crossbar Integrity Checker (TCM backdoor AHB Splitter), does this mean no real detection in XBIC side for S32K312 EIM for TCM write and read?

feman5012_1-1721616030708.png

 

 

 

0 Kudos
Reply

‎07-22-2024 01:44 AM
2,364 Views
davidtosenovjan
NXP TechSupport
NXP TechSupport

The XBIC is sub-module verifying the integrity of the attribute information for XBAR transfers using an Error Detection Code (EDC). The XBIC integrity checking is independent from the memory's ECC that covers the address and data.

For ECC error injection to the TCM data use EIM to simulate fault reading.

According Table 264.EIM channel mapping - S32K3x1, S32K3x2, S32K344/S32K324/S32K314

you may inject ECC error to frontdoor read access (channels 13-18) as well as to backdoor read access (channel 20).

0 Kudos
Reply

‎07-24-2024 02:53 AM
2,314 Views
feman5012
Contributor II

Hi David,

 

We consult the local NXP FAE, there're some error data in the RM, and the SAF 1.0.3 implements the wrong configuration. Thanks for your reply again.

0 Kudos
Reply

‎07-22-2024 02:52 AM
2,353 Views
feman5012
Contributor II

 Hello David,

 

Appreciate your reply.  My question orgins from the SAF package S32K3_SAF_1.0.4_D2312, I integrate it into S32K312 product.  As you know only  344, 358, 388 are tested and provided with demo. While sCheck  item, for S32K312, SCHECK_EDC_GASKETS_CM7_0 fails. For this check item, there're 6 sub item, 2 of 6, listed below really fail, others pass. I trace the code, everything is OK, and the configuration is set per the code. However for the below 2 items, the EIM injects the error, but no fault reported, it seems like the  ECC or EDC mechanism does not work. The below 2 items uses the ITCM backdoor address to inject the error, EIM channel used is 28, and 29. 

/* TCM CM7_0 32-bit address checker */
{
SCHECK_EDC_ADDR_CHECK_EIM_CHAN_ID, /* u8EimChannelId */
sCheck_Edc_au8Tcm0_32b_AddrCheckBits, /* pu8EimDataBits */
SCHECK_EDC_MSCM_CM7_0_TCM_BD_ADDR, /* u8MscmEnedcIdx */
EMCEM_DCM_NCF_1_AD_EDC_ERR_OUT, /* u8FaultId */
sCheck_Edc_Core_Read_TCM /* pfTest */
},

/* TCM CM7_0 write checker */
{
SCHECK_EDC_WDATA_CHECK_EIM_CHAN_ID, /* u8EimChannelId */
sCheck_Edc_au8Tcm0_32b_WriteCheckBits, /* pu8EimDataBits */
SCHECK_EDC_MSCM_CM7_0_TCM_BD_WRITE, /* u8MscmEnedcIdx */
EMCEM_DCM_NCF_1_WR_EDC_ERR_OUT, /* u8FaultId */
sCheck_Edc_Core_Write_TCM /* pfTest */
},

Based on your above reply, I guess channel 20 maybe used for this kind of error. There're bug hidden in S32K3_SAF_1.0.4_D2312 for the above 2 check item. 

you may inject ECC error to frontdoor read access (channels 13-18) as well as to backdoor read access (channel 20).

 

0 Kudos
Reply