Hi all,
I have a requirement to be able to set the security bit
in an Atmel at91sam7 processor. I need this because I
want to be able to use openocd to do production device
programming via the jtag port.
(is there a better tool available to do this?)
I have attached a patch to allow this. It is based on a
copy/paste of the function that does the gpnvm bits.
It's a little ugly because as soon as to set the security
bit the jtag link breaks. You have to make sure that
setting the security bit is the last thing you do before
locking down the device.
www.microbus.com - Tel: +44 (0)1628 537300 Fax: +44 (0)1628 537301
Microbus, Treadaway Hill, Loudwater, High Wycombe, Buckinghamshire HP10 9QL
The information transmitted is intended only for the person to whom or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by persons or entities other
than the intended recipient is prohibited.
If you received this in error, please contact the sender by e-mail reply or by
phone and delete all copies of the material.
Microbus Limited Registered in England No. 01984857 Registered Office 2 AC
Court High Street Thames Ditton Surrey KT7 0SR. VAT no. GB 442 3444 71
diff -Naur openocd-0.5.0/doc/openocd.texi openocd-0.5.0.mod/doc/openocd.texi
--- openocd-0.5.0/doc/openocd.texi 2011-08-09 06:34:19.000000000 +0100
+++ openocd-0.5.0.mod/doc/openocd.texi 2012-05-03 09:31:45.000000000 +0100
@@ -4499,6 +4499,22 @@
the appropriate at91sam7 target.
@end quotation
@end deffn
+
+@deffn Command {at91sam7 set_security_bit}
+Set the security bit for the processor. This operation is dangerous.
+If you don't know why you want this, you probably should
+not use this command.
+
+@quotation Note
+Openocd will immediately stop working and fail when this command
+is run. All values will read back as 0xFF's. As the security bit is remembered
+across power cycles, all future debugging sessions will fail too.
+
+The only way to recover once the security bit is set is to apply
+a logic one signal to the erase pin of the processor and cycle the power.
+This may require the use of a soldering iron.
+@end quotation
+@end deffn
@end deffn
@deffn {Flash Driver} avr
diff -Naur openocd-0.5.0/src/flash/nor/at91sam7.c
openocd-0.5.0.mod/src/flash/nor/at91sam7.c
--- openocd-0.5.0/src/flash/nor/at91sam7.c 2011-08-09 06:34:19.000000000
+0100
+++ openocd-0.5.0.mod/src/flash/nor/at91sam7.c 2012-05-02 16:40:58.000000000
+0100
@@ -1269,6 +1269,70 @@
return ERROR_OK;
}
+
+COMMAND_HANDLER(at91sam7_handle_set_security_bit_command)
+{
+ struct flash_bank *bank;
+ uint8_t flashcmd;
+ uint32_t status;
+ struct at91sam7_flash_bank *at91sam7_info;
+ int retval;
+
+ if (CMD_ARGC != 0)
+ {
+ command_print(CMD_CTX, "at91sam7 set_security_bit");
+ return ERROR_OK;
+ }
+
+ bank = get_flash_bank_by_num_noprobe(0);
+ if (bank == NULL)
+ {
+ return ERROR_FLASH_BANK_INVALID;
+ }
+ if (strcmp(bank->driver->name, "at91sam7"))
+ {
+ command_print(CMD_CTX, "not an at91sam7 flash bank ");
+ return ERROR_FLASH_BANK_INVALID;
+ }
+ if (bank->target->state != TARGET_HALTED)
+ {
+ LOG_ERROR("target has to be halted to perform flash operation");
+ return ERROR_TARGET_NOT_HALTED;
+ }
+
+ flashcmd = SSB;
+
+ at91sam7_info = bank->driver_priv;
+ if (at91sam7_info->cidr == 0)
+ {
+ retval = at91sam7_read_part_info(bank);
+ if (retval != ERROR_OK)
+ {
+ return retval;
+ }
+ }
+
+ /* Configure the flash controller timing */
+ at91sam7_read_clock_info(bank);
+ at91sam7_set_flash_mode(bank, FMR_TIMING_NVBITS);
+
+ command_print(CMD_CTX, "writing security bit, will lock out jtag ");
+
+ if (at91sam7_flash_command(bank, flashcmd, 0) != ERROR_OK)
+ {
+ return ERROR_FLASH_OPERATION_FAILED;
+ }
+
+ /* GPNVM and SECURITY bits apply only for MC_FSR of EFC0 */
+ status = at91sam7_get_flash_status(bank->target, 0);
+ LOG_DEBUG("at91sam7_handle_set_security_bit_command: cmd 0x%x, status
0x%" PRIx32, flashcmd, status);
+
+ /* check protect state */
+ at91sam7_protect_check(bank);
+
+ return ERROR_OK;
+}
+
static const struct command_registration at91sam7_exec_command_handlers[] = {
{
.name = "gpnvm",
@@ -1278,6 +1342,14 @@
"(gpnvm) bit",
.usage = "bitnum ('set'|'clear')",
},
+ {
+ .name = "set_security_bit",
+ .handler = at91sam7_handle_set_security_bit_command,
+ .mode = COMMAND_EXEC,
+ .help = "set security bit, must be last operation, "
+ "fouls up jtag ",
+ .usage = "",
+ },
COMMAND_REGISTRATION_DONE
};
static const struct command_registration at91sam7_command_handlers[] = {
@@ -1290,6 +1362,7 @@
COMMAND_REGISTRATION_DONE
};
+
struct flash_driver at91sam7_flash = {
.name = "at91sam7",
.commands = at91sam7_command_handlers,
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
OpenOCD-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openocd-devel
