Hi,

I'm using an NE64 derivative. I would like to secure/protect my firmware in flash during or after the download of the firmware. I've seen a command FLASH PROTECT for the linker command file (.prm), but the mcu03ea.fpp file, for the NE64, that came with CodeWarrior has just a few lines in it. So I have a couple of questions:

1) What's the best way to secure the flash?
2) Does anyone have a complete FPP file (mcu03ea.fpp) for the NE64? If not, how is a file like that created?

I'm using CodeWarrior 3.1 with a P&E BDM.

Regards,
Adlai Shawareb
Hansen Medical
Flash Secure/protect help needed
Started by ●March 8, 2006
Reply by ●March 13, 2006
Hi Adlai.

CW12V31 does not provide the security word programming (address $FF0E-FF0F). You will have to write your own sequence to program these bytes and secure the device, if this is what you want to do.

The latest CodeWarrior (CW12V45) provides a flash programming library, that is NOT selected by default, but that can be enabled (editing the .FPP file) to support the security word programming.

Indeed, this requires in real time the last sector of the flash ($FC00|FE00-FFFF) to be fully backed up, erased then programmed with the desired security word.

Do you want to program the security word?

Regards,
Gilles
Reply by ●March 21, 2006
Gilles,

Thanks. Yes, I want to program the security word. What I ended up doing was adding the following code to the Postload command file, and it seems to work fine. Is there a better way to handle it?

    // Program Security byte to Secure state
    wb 0x100 CLKDIV   // set FCLKDIV clock divider
    wb 0x103 0        // FCNFG select block 0
    wb 0x104 0xFF     // FPROT all protection disabled
    wb 0x105 0x30     // clear PVIOL and ACCERR in FSTAT register
    ww 0xFF0E 0xFFFC  // write security byte to "Unsecured" state
    wb 0x106 0x20     // write MEMORY PROGRAM command in FCMD register
    wb 0x105 0x80     // clear CBEIF in FSTAT register to execute the command
    wait 20           // wait for command to complete
Reply by ●March 22, 2006
Hi Adlai.

Even if this seems to work, there is an important issue behind it. Indeed, if you could launch this script, it probably means that the chip is in "unsecured" state => security byte programmed to 0xFE.

When you run your script, the security byte is then over programmed with a new value. Even if you can read the new value (as you just set one more bit to 0), this programming violates flash specifications and should never be performed.
To summarize, you should never program twice the same word cell without erasing it.

I have posted a new flash driver library (only valid for ICD12 v6.1.11 and later revisions).

http://f6.grp.yahoofs.com/v1/ACMgRFD_6IwA6isqdF2ATh0PMhKX_gPPCIkVb8x3an3jAdTQMlpda78tvhQ8NijeLo31Ig8XxMAErT18AGJSDJ26iGo/fpp%27s%20for%20%20CW12V31%20and%20ICD12%20v6.1.11%20and%20later%20releases.zip

Installation:

1-debugger closed.
2-in CodeWarrior installation, "prog" folder, rename the "fpp" folder.
3-create a new "fpp" folder and unzip all posted files in this folder.
4-edit the NE64 fpp file with a text editor: The file is called "Mcu03ea.fpp".

It contains:

    NVMIF2 MC9S12NE64_V11 0x3EA "hcs12_common.fpp"
    WORKSPACE 0x0400 0x1C00 3 2
    DATABUFFER 0x500 0x1FFF
    MODULEIMPORT MC9S12_FLASH_4000
    MODULEIMPORT MC9S12_FLASH_C000
    MODULEIMPORT MC9S12_FLASH_FTS64K
    MODULEIMPORT MC9S12_FLASH_MIRROR_8000_PPAGE3C_FTS64K

change the line:

    MODULEIMPORT MC9S12_FLASH_C000

to:

    MODULEIMPORT MC9S12_FLASH_C000_SW

then save the file.

5-end

Programming of the security word is then safe, as the sector is backed up in RAM and patched with the security word, erased then programmed again.

How to?

e.g. from your .C source file:

    const unsigned short securityWord @0xFF0E = 0x1234;

In the .prm:

    ENTRIES /* keep the following unreferenced variables */
        securityWord
    END

Regards,
Gilles
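Added example (not part of the original posts, and not the CodeWarrior flash driver): a host-side C model of the back up, patch, erase, program sequence described in the post above, next to the direct overwrite of an already programmed word that it replaces. The 512-byte sector, the error codes, the function names and the sample reset vector 0xC006 are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_BASE 0xFE00u /* last sector, taking the $FE00-$FFFF case (assumed) */
#define SECTOR_SIZE 0x0200u
#define SEC_WORD    0xFF0Eu /* security word address given in the thread */
enum { FLASH_OK = 0, FLASH_ERR_RANGE = -1, FLASH_ERR_NOT_ERASED = -2, FLASH_ERR_VERIFY = -3 };

/* Host-side model of one flash sector; hypothetical, not the FTS64K driver. */
typedef struct {
    uint8_t cell[SECTOR_SIZE];
    uint8_t written[SECTOR_SIZE / 2]; /* 1 = word programmed since last erase */
} flash_sector_t;

void flash_erase(flash_sector_t *f) {
    memset(f->cell, 0xFF, sizeof f->cell);
    memset(f->written, 0, sizeof f->written);
}

uint16_t flash_read_word(const flash_sector_t *f, uint32_t addr) {
    uint32_t off = addr - SECTOR_BASE;
    return (uint16_t)((f->cell[off] << 8) | f->cell[off + 1]); /* big-endian, as on HCS12 */
}

/* Program one aligned word; refuses a cell already programmed since the last erase. */
int flash_program_word(flash_sector_t *f, uint32_t addr, uint16_t value) {
    if (addr < SECTOR_BASE || addr >= SECTOR_BASE + SECTOR_SIZE || (addr & 1u))
        return FLASH_ERR_RANGE;
    uint32_t off = addr - SECTOR_BASE;
    if (f->written[off / 2]) return FLASH_ERR_NOT_ERASED;
    f->cell[off]     &= (uint8_t)(value >> 8); /* programming can only clear bits */
    f->cell[off + 1] &= (uint8_t)(value & 0xFF);
    f->written[off / 2] = 1;
    return FLASH_OK;
}

/* Back up the sector in RAM, patch the security word, erase, program again. */
int set_security_word(flash_sector_t *f, uint16_t sec) {
    uint8_t backup[SECTOR_SIZE];
    memcpy(backup, f->cell, sizeof backup);
    backup[SEC_WORD - SECTOR_BASE]     = (uint8_t)(sec >> 8);
    backup[SEC_WORD - SECTOR_BASE + 1] = (uint8_t)(sec & 0xFF);
    flash_erase(f);
    for (uint32_t off = 0; off < SECTOR_SIZE; off += 2) {
        uint16_t w = (uint16_t)((backup[off] << 8) | backup[off + 1]);
        if (w == 0xFFFF) continue; /* leave erased words untouched */
        int rc = flash_program_word(f, SECTOR_BASE + off, w);
        if (rc != FLASH_OK) return rc;
    }
    return memcmp(f->cell, backup, sizeof backup) ? FLASH_ERR_VERIFY : FLASH_OK;
}

int main(void) {
    flash_sector_t f;
    flash_erase(&f); /* constructed start state: unsecured word plus a sample reset vector */
    flash_program_word(&f, SEC_WORD, 0xFFFE);
    flash_program_word(&f, 0xFFFE, 0xC006);
    int direct = flash_program_word(&f, SEC_WORD, 0xFFFC); /* refused: cell not erased */
    int safe = set_security_word(&f, 0xFFFC);
    printf("direct=%d safe=%d word=0x%04X\n", direct, safe,
           (unsigned)flash_read_word(&f, SEC_WORD));
    return 0;
}
```

The model rejects the second program of $FF0E outright; real hardware may accept it and read back the expected value, which is why the direct script appears to work.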
Reply by ●March 23, 2006
Thanks Gilles for posting the new library. How can I find out which version of ICD12 I have? I'm using the version of CW31 that came with the Freescale demo board.

I made the changes you suggested, but when I try to download I get a dialog saying "Error while writing to DA00..DC00.". Then it displays another dialog saying it can't load my ABS file.

I don't know if my prm file is part of the problem, but here is my segments section just in case. Do you see anything that might cause the problems I'm seeing?

    SEGMENTS
        // Three POST variables are placed at 0x2000 - 0x2005 in Startup.c, so begin at
        // 0x2006. Before changing INTERNAL_RAM, be sure to understand why we are
        // beginning RAM at 0x2006.
        INTERNAL_RAM = READ_WRITE 0x2006 TO 0x3EFE;
        MY_STACK = READ_WRITE 0x3EFF TO 0x3FFF;

        // unbanked FLASH EEPROM
        NON_BANKED_ROM_4000 = READ_ONLY 0x4000 TO 0x7FFF FILL 0xFF; /* 16K */

        // Start at 0xC006 because the 3 2-byte CRC's are at 0xC000, 0xC002, and 0xC004.
        NON_BANKED_ROM_C006 = READ_ONLY 0xC006 TO 0xFEFF FILL 0xFF; /* *FOR BDM* upper bank of 16K FLASH */

        // 0xFF00 to 0xFF0F is the Flash Protection Area which we don't want to write code to.

        // unbanked FLASH EEPROM
        NON_BANKED_ROM_FF1F = READ_ONLY 0xFF1F TO 0xFF7F FILL 0xFF;

        // banked FLASH EEPROM
        // PAGE_3C = READ_ONLY 0x3C8000 TO 0x3CBFFF;
        // PAGE_3D = READ_ONLY 0x3D8000 TO 0x3DBFFF;
    END

Regards,
Adlai
Reply by ●March 27, 2006
Hi Adlai.
Please type the "VER" command in a Command window in the debugger.
You should get something like this:
in>VER
HI-WAVE 6.1.42 Build 3249
HI-WAVE Engine 6.1.68 Build 4047
Source 6.1.27 Build 3249
Assembly 6.1.20 Build 3249
Procedure 6.1.13 Build 3249
Register 6.1.20 Build 3249
Memory 6.1.30 Build 3249
Data 6.1.37 Build 3249
Data 6.1.37 Build 3249
Command Line 6.1.24 Build 3249
ICD-12 Target 6.1.12 Build 5023
68HC12 Interface Libraries Version 2.62 (http://www.pemicro.com)
Apparently, the library is NOT compatible with your ICD-12 release.
Regards,
Gilles