S32K312 TCM backdoor acess method problem

feman5012 · ‎07-16-2024

Hello NXP experts,

As listed in RM 21 / 4649, Figure 6. Block diagram – S32K312, No backdoor access method available for CM7_0, but in the memory map, there'are TCM back door address.

And I can access the ITCM backdoor address, to change value of variables. My question is

for S32K312, M7_0 core accessing TCM backdoor is realized by direct mode instead of backdoor mode, as you can see no backdoor switch is listed in the block diagram, while like

the blelow chips, there're rea switches around the TCM for user to select the backdoor mode.

page 22 / 4649, Figure 7. Block diagram – S32K322, S32K342 and S32K341,

Look forward to your professional response.

davidtosenovjan · ‎07-19-2024

Red arrows do no show backdoor access, it shows running in split-lock configuration i.e. running in decoupled or lockstep mode.

Backdoor access marked below by yellow:

feman5012 · ‎07-21-2024

Hello David,

I get your point. Previously I misunderstood the backdoor path. The reason I'm curious about the backdoor access method is dueo to the TCM error injection. TCM error inejction will use the backdoor address to write and read the same address. During this write and read, Specific EIM channel will invert 1 bit in the data path or address path, and XBIC will detect this kind of error thru the below red marked " Crossbar Integrity Checker (TCM backdoor AHB Splitter)", the below picture is truncted from Figure 7. Block diagram – S32K322, S32K342 and S32K341, page 22 / 4649.

However for Figure 6. Block diagram – S32K312, no Crossbar Integrity Checker (TCM backdoor AHB Splitter), does this mean no real detection in XBIC side for S32K312 EIM for TCM write and read?

davidtosenovjan · ‎07-22-2024

The XBIC is sub-module verifying the integrity of the attribute information for XBAR transfers using an Error Detection Code (EDC). The XBIC integrity checking is independent from the memory's ECC that covers the address and data.

For ECC error injection to the TCM data use EIM to simulate fault reading.

According Table 264.EIM channel mapping - S32K3x1, S32K3x2, S32K344/S32K324/S32K314

you may inject ECC error to frontdoor read access (channels 13-18) as well as to backdoor read access (channel 20).

feman5012 · ‎07-24-2024

Hi David,

We consult the local NXP FAE, there're some error data in the RM, and the SAF 1.0.3 implements the wrong configuration. Thanks for your reply again.

feman5012 · ‎07-22-2024

Hello David,

Appreciate your reply. My question orgins from the SAF package S32K3_SAF_1.0.4_D2312, I integrate it into S32K312 product. As you know only 344, 358, 388 are tested and provided with demo. While sCheck item, for S32K312, SCHECK_EDC_GASKETS_CM7_0 fails. For this check item, there're 6 sub item, 2 of 6, listed below really fail, others pass. I trace the code, everything is OK, and the configuration is set per the code. However for the below 2 items, the EIM injects the error, but no fault reported, it seems like the ECC or EDC mechanism does not work. The below 2 items uses the ITCM backdoor address to inject the error, EIM channel used is 28, and 29.

/* TCM CM7_0 32-bit address checker */
{
SCHECK_EDC_ADDR_CHECK_EIM_CHAN_ID, /* u8EimChannelId */
sCheck_Edc_au8Tcm0_32b_AddrCheckBits, /* pu8EimDataBits */
SCHECK_EDC_MSCM_CM7_0_TCM_BD_ADDR, /* u8MscmEnedcIdx */
EMCEM_DCM_NCF_1_AD_EDC_ERR_OUT, /* u8FaultId */
sCheck_Edc_Core_Read_TCM /* pfTest */
},

/* TCM CM7_0 write checker */
{
SCHECK_EDC_WDATA_CHECK_EIM_CHAN_ID, /* u8EimChannelId */
sCheck_Edc_au8Tcm0_32b_WriteCheckBits, /* pu8EimDataBits */
SCHECK_EDC_MSCM_CM7_0_TCM_BD_WRITE, /* u8MscmEnedcIdx */
EMCEM_DCM_NCF_1_WR_EDC_ERR_OUT, /* u8FaultId */
sCheck_Edc_Core_Write_TCM /* pfTest */
},

Based on your above reply, I guess channel 20 maybe used for this kind of error. There're bug hidden in S32K3_SAF_1.0.4_D2312 for the above 2 check item.

you may inject ECC error to frontdoor read access (channels 13-18) as well as to backdoor read access (channel 20).