AURIX devices have several sensitive modules/areas (BMHDs, HSM, UCBs), which
could lock the device permanently when configured incorrectly. To
prevent locking your device follow these recommendations:
Image checker
Use the Image checker during UCB or HSM code programming. A separate license is needed for image checking.
It analyzes the download file(s) at download to prevent misconfiguration
of the MCU, which could result in the incorrect boot or bricked MCU due to a disabled
debug periphery. If a violation is detected, it:
- Rejects programming
- Modifies write data to keep the device unsecured or
- Allows the download
Image checker is configured in the
Hardware | CPU Options | Debugging and it checks if after
flash actions, the device will be in an operational state:
-
When HSM is enabled:
- Are BMHDs valid
- Is the HSM code present
- Is HSM debug protection enabled
- Do UCBs have confirmation codes
- Do UCB_BMHD CRCs match
- Existence of UCB ORIG/COPY pairs (TC3xx only)
- Is debug protection enabled
- Is read protection enabled
- Is the HSM code loaded to the correct HSM Code Sector
-
The program entry point (if UCB_BMHDx.STAD matches the entry point of the
primary ELF file)
If an issue occurs, a warning is displayed in the Progress window.
The Image checker functionality is bypassed when flash is programmed
through the Memory Window.
Download HSM code before HSM is enabled
Follow these steps:
- Load the HSM code.
- Load the application code.
- Perform download.
- Enable HSM.
Note that the chip will be locked after the next power-on reset if the HSM is
enabled before the HSM code is downloaded.
AURIX plugin / Memory Window
Program the UCBs via the
AURIX plugin
or
Memory Window (not recommended). It is not recommended to program it in the
application code, because it may not execute properly. After download the
CPU is reset and if there isn’t any code programmed and HSM is enabled
the CPU will be locked.
New UCB values are used by the CPU after the next power on reset. If your
application changes the content of UCBs during program execution, this could
lead to hard-to-find bugs if UCBs are not programmed/changed properly. It
is recommended that UCBs are changed only during download, via Memory Window
or AURIX plugin, when the CPU is stopped and you know exactly what is
written to UCBs.
Demo Mode
Use winIDEA
Demo Mode before flash
programming to test whether all UCB sectors contain correct data because
wrong UCB data can lock the device permanently.
UCB programming
The number of writes to UCB is limited. Refer to your TriCore device
documentation for the exact number of writes.
Require correct Device ID when attaching to SoC
Enable the option in Hardware | CPU Options | Reset to detect device mismatch and abort emulation start, before you accidentally program e.g. TC397 image into TC387 and lock the device.
More resources in winIDEA Help