SPRS584Q April 2009 – January 2024 TMS320F28030 , TMS320F28030-Q1 , TMS320F28031 , TMS320F28031-Q1 , TMS320F28032 , TMS320F28032-Q1 , TMS320F28033 , TMS320F28033-Q1 , TMS320F28034 , TMS320F28034-Q1 , TMS320F28035 , TMS320F28035-Q1
PRODUCTION DATA
The devices support high levels of security to protect the user firmware from being reverse engineered. The security features a 128-bit password (hardcoded for 16 wait states), which the user programs into the flash. One code security module (CSM) is used to protect the flash/OTP and the L0/L1 SARAM blocks. The security feature prevents unauthorized users from examining the memory contents through the JTAG port or trying to boot-load some undesirable software that would export the secure memory contents. To enable access to the secure blocks, the user must write the correct 128-bit KEY value that matches the value stored in the password locations within the Flash.
In addition to the CSM, the emulation code security logic (ECSL) has been implemented to prevent unauthorized users from stepping through secure code. Any code or data access to flash, user OTP, or Lx memory while the JTAG debug probe is connected will trip the ECSL and break the debug probe connection. To allow debug of secure code, while maintaining the CSM protection against secure memory reads, the user must write the correct value into the lower 64 bits of the KEY register (KEY0–KEY3), which matches the value stored in the lower 64 bits of the password locations (PWL0–PWL3) within the flash. Dummy reads of all 128 bits of the password in the flash must still be performed. If the lower 64 bits of the password locations are all ones (unprogrammed), then the KEY value does not need to match. During debug of secure code, operations like single-stepping is possible. However, the actual contents of the secure memory cannot be seen in the CCS window.
When power is applied to a secure device that is connected to a JTAG debug probe, the CPU will start executing and may execute an instruction that performs an access to a protected area. If this happens, the ECSL will trip and cause the JTAG circuitry to be deactivated. Under this condition, a host (such as a computer running CCS or flash programing software) would not be able to establish connection with the device.
The solution is to use the Wait boot option. In this mode, code loops around a software breakpoint to allow a JTAG debug probe to be connected without tripping security. The user can then exit this mode once the JTAG debug probe is connected by using one of the emulation boot options as described in the Boot ROM chapter in the TMS320F2803x Real-Time Microcontrollers Technical Reference Manual. These devices do not support a hardware wait-in-reset mode.
If reprogramming of a secure device via JTAG is desired, it is important to put in the needed hooks in the board design to be able to put the device in Wait boot mode upon power-up. Otherwise, ECSL may deactivate the JTAG circuitry and prevent connection to the device, as mentioned earlier.
The 128-bit password (at 0x3F 7FF8 to 0x3F 7FFF) must not be programmed to zeros. Doing so would permanently lock the device.
THE CODE SECURITY MODULE (CSM) INCLUDED ON THIS DEVICE WAS DESIGNED TO PASSWORD PROTECT THE DATA STORED IN THE ASSOCIATED MEMORY (EITHER ROM OR FLASH) AND IS WARRANTED BY TEXAS INSTRUMENTS (TI), IN ACCORDANCE WITH ITS STANDARD TERMS AND CONDITIONS, TO CONFORM TO TI'S PUBLISHED SPECIFICATIONS FOR THE WARRANTY PERIOD APPLICABLE FOR THIS DEVICE.
TI DOES NOT, HOWEVER, WARRANT OR REPRESENT THAT THE CSM CANNOT BE COMPROMISED OR BREACHED OR THAT THE DATA STORED IN THE ASSOCIATED MEMORY CANNOT BE ACCESSED THROUGH OTHER MEANS. MOREOVER, EXCEPT AS SET FORTH ABOVE, TI MAKES NO WARRANTIES OR REPRESENTATIONS CONCERNING THE CSM OR OPERATION OF THIS DEVICE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL TI BE LIABLE FOR ANY CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES, HOWEVER CAUSED, ARISING IN ANY WAY OUT OF YOUR USE OF THE CSM OR THIS DEVICE, WHETHER OR NOT TI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCLUDED DAMAGES INCLUDE, BUT ARE NOT LIMITED TO LOSS OF DATA, LOSS OF GOODWILL, LOSS OF USE OR INTERRUPTION OF BUSINESS OR OTHER ECONOMIC LOSS.