73S1209F Data Sheet
DS_1209F_004
1.4 Program Security
Two levels of program and data security are available. Each level requires a specific fuse to be blown in
order to enable or set the specific security mode. Mode 0 security is enabled by setting the SECURE bit
(bit 6 of SFR register
0xB2) Mode 0 limits the ICE interface to only allow bulk erase of the
flash program memory. All other ICE operations are blocked. This guarantees the security of the user’s
MPU program code. Security (Mode 0) is enabled by MPU code that sets the SECURE bit. The MPU
code must execute the setting of the SECURE bit immediately after a reset to properly enable Mode 0.
This should be the first instruction after the reset vector jump has been executed. If the “startup.a51”
assembly file is used in an application, then it must be modified to set the SECURE bit after the reset
vector jump. If not using “startup.a51”, then this should be the first instruction in main(). Once security
Mode 0 is enabled, the only way to disable it is to perform a global erase of the flash followed by a full
circuit reset. Once the flash has been erased and the reset has been executed, security Mode 0 is
disabled and the ICE has full control of the core. The flash can be reprogrammed after the bulk erase
operation is completed. Global erase of the flash will also clear the data XRAM memory. The security
enable bit (SECURE) is reset whenever the MPU is reset. Hardware associated with the bit only allows it
to be set. As a result, the code may set the SECURE bit to enable the security Mode 0 feature but may
not reset it. Once the SECURE bit is set, the code is protected and no external read of program code in
flash or data (in XRAM) is possible. In order to invoke the security Mode 0, the SECSET0 (bit 1 of XRAM
SFR register
0xFFD7) fuse must be blown beforehand or the security mode 0 will not be
enabled. The SECSET0 and SECSET1 fuses once blown, cannot be overridden.
Specifically, when SECURE is set:
•
The ICE is limited to bulk flash erase only.
•
Page zero of flash memory may not be page-erased by either MPU or ICE. Page zero may only be
erased with global flash erase. Note that global flash erase erases XRAM whether the SECURE bit is
set or not.
•
Writes to page zero, whether by MPU or ICE, are inhibited.
Security mode 1 is in effect when the SECSET1 fuse has been programmed (blown open). In security
mode 1, the ICE is completely and permanently disabled. The Flash program memory and the MPU are
not available for alteration, observation, or control. As soon as the fuse has been blown, the ICE is
disabled. The testing of the SECSET1 fuse will occur during the reset and before the start of pre-boot
and boot cycles. This mode is not reversible, nor recoverable. In order to blow the SECSET1 fuse, the
SEC pin must be held high for the fuse burning sequence to be executed properly. The firmware can
check to see if this pin is held high by reading the SECPIN bit (bit 5 of XRAM SFR register
0xFFD7). If this bit is set and the firmware desires, it can blow the SECSET1 fuse. The burning of the
SECSET0 does not require the SEC pin to be held high.
In order to blow the fuse for SECSET1 and SECSET0, a particular set of register writes in a specific order
need to be followed. There are two additional registers that need to have a specific value written to them
in order for the desired fuse to be blown. These registers are
(0xFFD2) and
(0xFFD1). The sequence for blowing the fuse is as follows:
1. Write 0x54H to
.
2. Write 0x81H for security mode 0
Note: only program one security mode at a time.
Write 0x82H for security mode 1
Note: SEC pin must be high for security mode 1.
4. Delay about 500 us
5. Write 0x00 to
16
Rev.
1.2