Professional Documents
Culture Documents
An 120
An 120
Preventing FLASH Access The FLASH security bytes are located in the
FLASH memory as shown in Figure 1 and Figure 2
Via the JTAG Interface. below. To protect a FLASH memory block from
One of the two ways to read, write, and erase the unauthorized read or write/erase operations across
FLASH memory is via the JTAG interface (see the JTAG interface, refer to the memory block
application note “AN005 - Programming FLASH chart (also located in each device’s data sheet).
Through the JTAG Interface”.) The FLASH Pro-
gram Memory Security Bytes located in the FLASH Attempting a read operation on a byte in a read-
memory are used to prevent both read and/or write/ locked sector will return a value of ‘0’ and will set
erase operations of any or all of the 512-byte mem- the FAIL bit in the FLASHDAT register to ‘1’,
ory blocks via the JTAG interface. indicating a FLASH operation failure. (Please see
2 Rev. 1.1
AN120
application note, “AN005 - Programming FLASH ware. If software attempts to erase any byte in the
Through the JTAG Interface” for more information FLASH page containing the lock bytes, the erase
about how to read FLASH data via the JTAG inter- operation is ignored. If a non-security byte in the
face). Clearing a bit to logic ‘0’ in the Read Lock memory block that contains the FLASH security
Byte will prevent the corresponding block of bytes is addressed to perform a FLASH erase, only
FLASH memory from being read via the JTAG that 512-byte page will be erased (including the
interface. security bytes.)
Rev. 1.1 3
AN120
will be returned. Code loaded into FLASH in the executing above the FLACL boundary may per-
software protected space (below the FLACL form jump and call instructions into protected
boundary) is not restricted from executing. FLASH memory space below the FLACL boundary. Only
memory above the software access limit address MOVX and MOVC operations are prevented by
boundary may be used as normal (i.e., read and the Software Read Limit. To prevent access, the
write/erase operations may be performed by soft- FLASH Security Bytes should also be used to pre-
ware), but may not write or erase code below the vent JTAG access of the memory blocks at and
FLACL boundary. Thus, the application can protect below 0x4000 for total protection (see the previous
code from unauthorized access, yet still leave section, “Preventing FLASH Access Via the JTAG
FLASH memory usable to the end-user. Interface.)
NOTE: Software read protected FLASH should If the application does not require FLASH memory
also be locked using the security bytes to prevent to be programmable for the end-user, then it is best
JTAG access to the protected memory blocks. to lock the entire FLASH memory using the secu-
(When locking only certain memory blocks, the rity bytes, and the software access read limit is not
memory block containing the security bytes should needed (the end-user will not be able to download
always be locked from JTAG access as well to pre- code to FLASH to access protected information.)
vent the end-user from unlocking FLASH mem-
ory.)
FLASH Write and Erase
Setting the Software Read Limit Enable Bits
The software read limit is set using the FLASH One function of FLASH security is to prevent inad-
Access Limit special function register (FLACL). vertent modification of code. Silicon Labs FLASH
The upper byte of the desired software access write and erase operations cannot occur via soft-
limit address (the highest address the designer ware unless they are enabled using the Program
wishes to have software access protection) is Store Write Enable (PSWE) and Program Store
moved into the FLACL register. The lower byte of Erase Enable (PSEE) bits. In order to write to the
the address will be 0x00. (See Figure 3 below.) FLASH memory, the PSWE bit must be set to 1.
Thus, if the FLACL register is assigned the value When the PSWE bit is set to ‘1’, the MOVX
0x40, then the software access limit address will be instruction writes to FLASH memory instead of
0x4000. Thus, all code in memory from 0x0000 to XRAM (the default target). In order to erase a page
0x4000 (including 0x4000) will not be accessible of FLASH memory, the PSEE and PSWE bits must
via software executing above this address. Code be set to ‘1’. When the PSEE bit is set to ‘1’, the
R/W R/W R/W R/W R/W R/W R/W R/W Reset Value
00000000
Bit7 Bit6 Bit5 Bit4 Bit3 Bit2 Bit1 Bit0 SFR Address:
0xB7
4 Rev. 1.1
AN120
FLASH control logic interprets a FLASH write
operation as an erase operation. The PSEE and
PSWE bits aid in preventing inadvertent write and
erase modifications when they are not intended. Of
course, this does not perform the function of pro-
tecting intellectual property access by an unautho-
rized end-user, as the PSWE and PSEE bits are
always accessible. Always use the software read
access limit and/or FLASH security bytes for pro-
tection of intellectual property.
Rev. 1.1 5
Simplicity Studio
One-click access to MCU and
wireless tools, documentation,
software, source code libraries &
more. Available for Windows,
Mac and Linux!
Disclaimer
Silicon Labs intends to provide customers with the latest, accurate, and in-depth documentation of all peripherals and modules available for system and software implementers using or
intending to use the Silicon Labs products. Characterization data, available modules and peripherals, memory sizes and memory addresses refer to each specific device, and "Typical"
parameters provided can and do vary in different applications. Application examples described herein are for illustrative purposes only. Silicon Labs reserves the right to make changes
without further notice and limitation to product information, specifications, and descriptions herein, and does not give warranties as to the accuracy or completeness of the included
information. Silicon Labs shall have no liability for the consequences of use of the information supplied herein. This document does not imply or express copyright licenses granted
hereunder to design or fabricate any integrated circuits. The products are not designed or authorized to be used within any Life Support System without the specific written consent of
Silicon Labs. A "Life Support System" is any product or system intended to support or sustain life and/or health, which, if it fails, can be reasonably expected to result in significant personal
injury or death. Silicon Labs products are not designed or authorized for military applications. Silicon Labs products shall under no circumstances be used in weapons of mass
destruction including (but not limited to) nuclear, biological or chemical weapons, or missiles capable of delivering such weapons.
Trademark Information
Silicon Laboratories Inc.® , Silicon Laboratories®, Silicon Labs®, SiLabs® and the Silicon Labs logo®, Bluegiga®, Bluegiga Logo®, Clockbuilder®, CMEMS®, DSPLL®, EFM®, EFM32®,
EFR, Ember®, Energy Micro, Energy Micro logo and combinations thereof, "the world’s most energy friendly microcontrollers", Ember®, EZLink®, EZRadio®, EZRadioPRO®,
Gecko®, ISOmodem®, Precision32®, ProSLIC®, Simplicity Studio®, SiPHY®, Telegesis, the Telegesis Logo®, USBXpress® and others are trademarks or registered trademarks of Silicon
Labs. ARM, CORTEX, Cortex-M3 and THUMB are trademarks or registered trademarks of ARM Holdings. Keil is a registered trademark of ARM Limited. All other products or brand
names mentioned herein are trademarks of their respective holders.
http://www.silabs.com