Author Topic: Additional Security for LPC952  (Read 10838 times)

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Additional Security for LPC952
« on: August 09, 2007, 09:03:16 am »
We are using the LPC952 in several designs. Sometimes we get boards back with the Boot status register altered.
According to NXP this can happen during a brown out condition and can be prevented by setting the CWP bit in the Boot status register
We would like to write/read those bits from Flash Magic, but they are not accessible. The menu selection under ISP for "Additional Security bits.." is grayed out for the LPC952.
Also it seems there is no access to UCFG2 register.
I am using version 3.61.230
Also we are using FDI's USB-ICP dongle for programming. It would be nice to be able to put the LPC952 into ICP mode, one would think this should be able to do since the name already implies it.

So this is what I'd like to see:

access to all Boot status bits
access to UCFG2 register
ICP capability

Pete

Andy Ayre

  • ESAcademy Staff
  • Sr. Member
  • *****
  • Posts: 2160
    • View Profile
    • Embedded Systems Academy, Inc.
    • Email
Re: Additional Security for LPC952
« Reply #1 on: August 09, 2007, 10:38:49 am »
UCFG2 is accessible by going to ISP -> Device Configuration when you have the 89LPC952 selected. UCFG1 and UCFG2 are combined into one dialog window. The title of the window is a bit misleading so we will fix that.

It seems that the missing access to CWP, etc. was an oversight - this will be fixed in Flash Magic 3.62, which will be released today.

FDI's interface should use ICP mode to program the device. Make sure you have it selected in section 1 of the Flash Magic window. For further help with the interface you might want to contact FDI directly.

Andy
Embedded Systems Academy, Inc.
support at esacademy dot com

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: Additional Security for LPC952
« Reply #2 on: August 09, 2007, 01:14:15 pm »
Andy,

thanks for the answer. Below are some more questions I have.

All but one selection in "Device Configuration.." refers to UCFG2 and this is "Enable Debugger". Will this set both DBG_A and DBG_B bit in UCFG2? What is with the other bits (HLT_T0, HLT_T1, HLT_RTC and TRIGEN)?

I verified that the FDI_ICP enables ICP mode by observing the RESET signal (get the correct 7 pulses).
But why can't I clear the CWP bit and the Sector protection bits?
If the CWP bit is programmend to a 1 in the Boot Status register and I want to set it to 0, I get the following error: (I set the Device to LPC932A1 and disabled the signature check for this test)
"Operation Failed. (erasing BV and SB - security violation in device)"

Based on the IPC specification I should be able to do that, at least that how I would interpret the ICP-Spec and the LPC952 User manual.


Thanks,

Pete

Andy Ayre

  • ESAcademy Staff
  • Sr. Member
  • *****
  • Posts: 2160
    • View Profile
    • Embedded Systems Academy, Inc.
    • Email
Re: Additional Security for LPC952
« Reply #3 on: August 09, 2007, 02:07:55 pm »
Sorry, but I think you are looking at an old version of the user manual. Download the current one from the NXP website and you will see that there are only two bits in UCFG2. I think the old user manual suffered from a cut and paste error.

To clear the configuration protection go to ISP -> Device Configuration and click on the "Clear Config Protection". If that doesn't work you might want to contact FDI.

Basically the ISP to ICP interfaces implement the ISP command set but they may not pass along all commands. The implementation depends on what the vendor did.

Andy
Embedded Systems Academy, Inc.
support at esacademy dot com

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: Additional Security for LPC952
« Reply #4 on: August 09, 2007, 03:45:39 pm »
Thanks for the hint on the manual.

As for the "Clear Configuration", this button is grayed out for the LPC952. If I switch to the LPC932A1 it is available.
How can I clear the EDISx Sector protection bit?

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: Additional Security for LPC952
« Reply #5 on: August 10, 2007, 01:44:24 pm »
Andy,

thanks so much for updating Flash Magic so quickly.

Now that I can look at the additional security bits, I found that even though I have the CWP bit set in my HEX file, after programming it is not set.

I understand that Flash Magic is writing a "0x01" to the Boot status register to make sure the micro will boot the user code and not go into the boot loader.

Could it be implemented that Flash Magic is taking the values for the Boot status register from the Hex file and or's them with the BSB (Boot status Bit) and then writes to the Boot status register. This will eliminate the extra step of manually programming the CWP bit when using Flash Magic.

We only supply our hex file to our turnkey vendor and do not know how they are programming the micros (when there is a firmware update they do use Flash magic), as far as I know they even might come preprogrammed from the chip vendor (NXP).

Thanks,

Pete

Andy Ayre

  • ESAcademy Staff
  • Sr. Member
  • *****
  • Posts: 2160
    • View Profile
    • Embedded Systems Academy, Inc.
    • Email
Re: Additional Security for LPC952
« Reply #6 on: August 13, 2007, 03:46:45 pm »
Flash Magic doesn't support all bits in start900.a51 to stop people making accidental mistakes or getting confused with the device settings. If you wish to automate setting the bit you could create a batch file and use the command line version.

Please try 3.63 - you should now be able to use the Clear Confg Protection button.

Andy
Embedded Systems Academy, Inc.
support at esacademy dot com

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: Additional Security for LPC952
« Reply #7 on: August 15, 2007, 09:25:41 am »
Andy, thanks for all the support.

I did try version 3.63 and the "Clear Config protection" button is enabled, but I get the error
"Device does not support operation. (clearing configuration protection)"

Also tried using the command line version to program the CWP bit in the boot status register. This seems not be working as well, as when reading it back on the command line version always hows it not programed to the value set in the hexfile or specified on the command line.

I used the following parameters:

FM COM(3,19200) DEVICE(89LPC952,0) INTERFACE(FDIUSBICP) ERASE(DEVICE, NOPROTECT) HEXFILE(Skbif.hex, NOCHECKSUMS, NOFILL, NOPROTECT) STATUSBYTE(0x40) READSTATUSBYTE QUIET(Skbif.txt)

this is the output...

Connected
Device selected
Erase complete (DEVICE)
Hex file programming complete (Skbif.hex)
Status byte programmend to 0x40
Status Byte: 0x00

If I use the GUI version afterwards I can change the Boot status register without any problem, would expect an error reporting that it is protected.

We need to be able to set this bit; had some failures recently with corrupted boot status register. NXP claims that those corruptions can occur during brownout conditions and would be prevented by setting the CWP bit.

Note that I did these tests by selecting P89LPC952 and '932A1 devices with the same result.

I think if someone goes through the effort to get the hexfile to have all the configuration registers and boot status register bits configured, one can be sure they know what they are doing and that this is done on purpose

thanks,

Pete

Andy Ayre

  • ESAcademy Staff
  • Sr. Member
  • *****
  • Posts: 2160
    • View Profile
    • Embedded Systems Academy, Inc.
    • Email
Re: Additional Security for LPC952
« Reply #8 on: August 15, 2007, 11:00:00 am »
A new version (3.64) will be available shortly to fix the error you are getting. Sorry about that oversight.

To set the CWP bit on the command line use the ADDLSECURITY directive. For example:

Code: [Select]
ADDLSECURITY(0, 1, 0)
Andy
Embedded Systems Academy, Inc.
support at esacademy dot com

phofmann

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: Additional Security for LPC952
« Reply #9 on: August 15, 2007, 01:06:04 pm »
Andy,

now I am getting there.

Just having one more problem. Using the command line, once I set the CWP bit, I cannot clear it anymore, at least from the command line

ERASE(DEVICE, NOPROTECTISP)

does not clear this bit. I cannot find any equivalent command to "Clear Configuration Protection". Would be nice to have this, then the command line would take car of all needed operations.

thanks again,

Pete