Manualshelf

Datasheet

ManualsBrandsTEXAS INSTRUMENTS ManualsMicrocontrollers, Microprocessors & QuartzesEmbedded microcontroller TSSOP 38 32-Bit 60 MHz I/O number 20
21222324252627282930
TMS320F28027, TMS320F28026, TMS320F28023, TMS320F28022
TMS320F28021, TMS320F28020, TMS320F280200
SPRS523J NOVEMBER 2008REVISED OCTOBER 2013
www.ti.com
3.2.9 Security
The devices support high levels of security to protect the user firmware from being reverse engineered.
The security features a 128-bit password (hardcoded for 16 wait-states), which the user programs into the
flash. One code security module (CSM) is used to protect the flash/OTP and the L0/L1 SARAM blocks.
The security feature prevents unauthorized users from examining the memory contents via the JTAG port,
executing code from external memory or trying to boot-load some undesirable software that would export
the secure memory contents. To enable access to the secure blocks, the user must write the correct 128-
bit KEY value that matches the value stored in the password locations within the Flash.
In addition to the CSM, the emulation code security logic (ECSL) has been implemented to prevent
unauthorized users from stepping through secure code. Any code or data access to flash, user OTP, or L0
memory while the emulator is connected will trip the ECSL and break the emulation connection. To allow
emulation of secure code, while maintaining the CSM protection against secure memory reads, the user
must write the correct value into the lower 64 bits of the KEY register, which matches the value stored in
the lower 64 bits of the password locations within the flash. Note that dummy reads of all 128 bits of the
password in the flash must still be performed. If the lower 64 bits of the password locations are all ones
(unprogrammed), then the KEY value does not need to match.
When initially debugging a device with the password locations in flash programmed (that is, secured), the
CPU will start running and may execute an instruction that performs an access to a protected ECSL area.
If this happens, the ECSL will trip and cause the emulator connection to be cut.
The solution is to use the Wait boot option. This will sit in a loop around a software breakpoint to allow an
emulator to be connected without tripping security. The user can then exit this mode once the emulator is
connected by using one of the emulation boot options as described in the TMS320x2802x Piccolo Boot
ROM Reference Guide (literature number SPRUFN6). Piccolo devices do not support a hardware wait-in-
reset mode.
NOTE
When the code-security passwords are programmed, all addresses between 0x3F7F80
and 0x3F7FF5 cannot be used as program code or data. These locations must be
programmed to 0x0000.
If the code security feature is not used, addresses 0x3F7F80 through 0x3F7FEF may be
used for code or data. Addresses 0x3F7FF0 0x3F7FF5 are reserved for data and
should not contain program code.
The 128-bit password (at 0x3F 7FF8 0x3F 7FFF) must not be programmed to zeros. Doing
so would permanently lock the device.
26 Functional Overview Copyright © 2008–2013, Texas Instruments Incorporated
Submit Documentation Feedback
Product Folder Links: TMS320F28027 TMS320F28026 TMS320F28023 TMS320F28022 TMS320F28021
TMS320F28020 TMS320F280200