[SOLVED] Set Security bit via J-Link Commander

Dragnier · Apr 4th 2016, 5:23pm

Is there a way to set the security bit of an ATSAM3S chip using the J-Link commander?
The goal is to have an automated script that will flash the chip and ensure that it cannot be read out.
Thanks.

SEGGER - Niklas · Apr 4th 2016, 6:38pm

Hi,

should be possible.

J-Link Commander Command file would like as follows:

# Flashing the Chip
loadfile <Filename> [<Addr>]
# Securing the Chip
w4 <Addr>, <Data> (hex)
wreg <RegName>, <Data>
sleep 100
w4 <Addr>, <Data> (hex)

Meaning that you can flash the chip using the loadfile command and w4(32bit write to memory-mapped addresses) and wreg(write to specified register) commands in order to secure/lock the chip.
The secure/lockign procedure can be looked up in the device manual.

Best regards,
Niklas

Dragnier · Apr 7th 2016, 4:02am

Hi Niklas,

Thanks for your reply. Sorry about the long delay. I was only able to try your suggestion today.
Based on the datasheet, security is enabled by writing 0x54 to the CMDE (0x00) register.

So based on what you said, this should be my code:

w4 0x00,0x0054
wreg <regName>, 0x0054
sleep 100
w4 0x00, 0x0054

My problem is i don't see a CMDE register using regs. I also tried setting the regName to 0x00 but I wasn't able to lock the part.

Any additional input would be greatly appreciated.
Thanks

SEGGER - Niklas · Apr 7th 2016, 9:24am

Hi,

w4 0x00,0x0054
wreg <regName>, 0x0054
sleep 100
w4 0x00, 0x0054

It seems my answers was a little bit confusing.
I tried to give an example how a lock procedure might look alike. (By showing which commands are usually used in a lock procedure)
It was not my intention to say that every lock procedure contains a w4, wreg, sleep, w4.

Can you provide me with a link to the manual you are referring to?

Best regards,
Niklas

Dragnier · Apr 7th 2016, 4:34pm

Here's the link to the datasheet: atmel.com/Images/Atmel-6500-32…M3S2-SAM3S1_Datasheet.pdf
You can find the security bit commands at page 298.
Thanks Niklas

SEGGER - Niklas · Apr 8th 2016, 9:39am

Hi,

this looks promising:

Source Code

8.1.3.6 Security Bit Feature
The SAM3S features a security bit, based on a specific General Purpose NVM bit (GPNVM bit 0).
When thesecurity is enabled, any access to the Flash, SRAM, Core Registers and Internal Peripherals either through the ICE interface or through the Fast Flash Programming Interface, is forbidden.
This ensures the confidentiality of the code programmed in the Flash.
This security bit can only be enabled, through the command “Set General Purpose NVM Bit 0” of the EEFC User Interface.
Disabling the security bit can only be achieved by asserting the ERASE pin at 1, and after a full Flash erase is performed.
When the security bit is deactivated, all accesses to the Flash, SRAM, Core registers, Internal Peripherals are permitted.

Source Code

19.3.3.5 GPNVM Bit
GPNVM bits do not interfere with the embedded Flash memory plane. Refer to the product definition section for
information on the GPNVM Bit Action.
The set GPNVM bit sequence is:
* Start the Set GPNVM Bit command (SGPB) by writing the Flash Command Register with the SGPB command and the number of the GPNVM bit to be set.
* When the GPVNM bit is set, the bit FRDY in the Flash Programming Status Register (EEFC_FSR) rises. If an interrupt was enabled by setting the FRDY bit in EEFC_FMR, the interrupt line of the NVIC is activated.
* If the GPNVM bit number is greater than the total number of GPNVM bits, then the command has no effect. The result of the SGPB command can be checked by running a GGPB (Get GPNVM Bit) command.
One error can be detected in the EEFC_FSR register after a programming sequence:
* A Command Error: a bad keyword has been written in the EEFC_FCR register.
It is possible to clear GPNVM bits previously set. The clear GPNVM bit sequence is:
* Start the Clear GPNVM Bit command (CGPB) by writing the Flash Command Register with CGPB and the number of the GPNVM bit to be cleared.
* When the clear completes, the FRDY bit in the Flash Programming Status Register (EEFC_FSR) rises. If an interrupt has been enabled by setting the FRDY bit in EEFC_FMR, the interrupt line of the NVIC is activated.
* If the GPNVM bit number is greater than the total number of GPNVM bits, then the command has no effect.
One error can be detected in the EEFC_FSR register after a programming sequence:
* A Command Error: a bad keyword has been written in the EEFC_FCR register.
The status of GPNVM bits can be returned by the Enhanced Embedded Flash Controller (EEFC). The sequence is:
* Start the Get GPNVM bit command by writing the Flash Command Register with GGPB. The FARG field is meaningless.
* GPNVM bits can be read by the software application in the EEFC_FRR register. The first word read corresponds to the 32 first GPNVM bits, following reads provide the next 32 GPNVM bits as long as it is meaningful. Extra reads to the EEFC_FRR register return 0.
For example, if the third bit of the first word read in the EEFC_FRR is set, then the third GPNVM bit is active.
One error can be detected in the EEFC_FSR register after a programming sequence:
* a Command Error: a bad keyword has been written in the EEFC_FCR register.
Note: Access to the Flash in read is permitted when a set, clear or get GPNVM bit command is performed.

Display All

Best regards,
Niklas

Source Code

Source Code

Share