Categories

{{ selectedCategory.name }}

{{ topic.Title }} {{ topic.Ddate | formatDate }}

{{ topic.Content }}

No topics found!

Infineon Aurix: Prevent locking

03-Jul-2024

Aurix devices have several sensitive modules/areas (BMHDs, HSM, UCBs), which could lock the device permanently when configured incorrectly. To prevent locking your device follow these recommendations:


Image checker

Use the Image checker during UCB or HSM code programming. A separate license is needed for image checking.

It analyzes the download file(s) at download to prevent misconfiguration of the MCU, which could result in the incorrect boot or bricked MCU due to a disabled debug periphery. If a violation is detected, it:

  • Rejects programming
  • Modifies write data to keep the device unsecured or 
  • Allows the download

Image checker is configured in the Hardware | CPU Options | Debugging and it checks if after flash actions, the device will be in an operational state:

  • When HSM is enabled:
    • Are BMHDs valid
    • Is the HSM code present
    • Is HSM debug protection enabled
  • Do UCBs have confirmation codes
  • Do UCB_BMHD CRCs match
  • Existence of UCB ORIG/COPY pairs (TC3xx only)
  • Is debug protection enabled
  • Is read protection enabled
  • Is the HSM code loaded to the correct HSM Code Sector
  • The program entry point (if UCB_BMHDx.STAD matches the entry point of the primary ELF file)
If an issue occurs, a warning is displayed in the Progress window. 

The Image checker functionality is bypassed when flash is programmed through the Memory Window.



Download HSM code before HSM is enabled
Follow these steps:
  1. Load the HSM code.
  2. Load the application code. 
  3. Perform download.
  4. Enable HSM.

Note that the chip will be locked after the next power-on reset if the HSM is enabled before the HSM code is downloaded.


Aurix plugin / Memory Window
Program the UCBs via the Aurix plugin or Memory Window (not recommended). It is not recommended to program it in the application code, because it may not execute properly. After download the CPU is reset and if there isn’t any code programmed and HSM is enabled the CPU will be locked.

New UCB values are used by the CPU after the next power on reset. If your application changes the content of UCBs during program execution, this could lead to hard-to-find bugs if UCBs are not programmed/changed properly. It is recommended that UCBs are changed only during download, via Memory Window or Aurix plugin, when the CPU is stopped and you know exactly what is written to UCBs.


Demo Mode
Use winIDEA Demo Mode before flash programming to test whether all UCB sectors contain correct data because wrong UCB data can lock the device permanently. 


UCB programming
The number of writes to UCB is limited. Refer to your TriCore device documentation for the exact number of writes.


Require correct Device ID when attaching to SoC
Enable the option in Hardware | CPU Options | Reset to detect device mismatch and abort emulation start, before you accidentally program e.g. TC397 image into TC387 and lock the device.


More resources in winIDEA Help

Was this answer helpful?

Sorry this article didn't answer your question, we'd love to hear how we can improve it.
Note: This form won't submit a case. We'll just use it to make this article better.

Similar topics

{{ topic.Title }} {{ topic.Ddate | formatDate }}

{{ topic.Content }}

No similar topics found!

Other topics in the same category

{{ topic.Title }} {{ topic.Ddate | formatDate }}

{{ topic.Content }}

No topics found!