KB: Simple method to Lock the JTAG Interface to protect firmware

Question:

A lot of users are asking for a simple way to lock the JTAG Interface to protect firmware in RSL10.

Solution:

In the project’s initial code, you can add the sentence below. RSL10 will lock the JTAG immediately when this code sentence comes up.

uint32_t ip_key[4] = {0x12345678, 0x9ABCDEF0, 0xAA5500FF, 0xAABBCCDD};
/* Set the key and limit access to the SWJ-DP interface */

Sys_IP_Lock(ip_key);

Likewise, RSL10 will unlock the JTAG when it encounters the code sentence below.

/* Unlock full access to the SWJ-DP interface */
Sys_IP_Unlock();

To run this unlock sentence, your application waits to receive a password from UART. Once the correct password is received, the code can unlock RSL10.

I followed the steps shown in the RSL10 Hardware Reference, Section 3.3.1, shown here:

Writing a key:
// Write key to LOCK_INFO_KEY in flash
w4 0x00081044
2. Locking:
// Write lock word to LOCK_INFO_SETTING in flash
w4 0x00081040 0x4C6F634B

However, this had no effect, even after a reset. I was still able to read back contents of flash using the mem command.

Are there any other steps required in order to enable IP Protection using the JLink ?

Thanks,
Adrian

Hi Amorgan

Would you please copy my C sentence as above directly for test? I have tested it , it can work well. Thanks…

Hi Titan,

We would prefer to do this in a programming script that controls the J-Link rather than programmatically in our firmware. Can you confirm whether the steps shown in the RSL10 hardware reference are correct ?

Thanks,

Adrian

Hi Titan,

I added you code as suggested and programmed a device. However, subsequently when I connect a J-Link via SWD interface, I can still issue a command such as savebin and the contents of flash are copied out into the file. Thus as far as I can see there is no effect whatsoever insofar as I can still copy out the contents of flash from the device.

Does the IP Protection only work for the JTAG interface or does it also apply to SWD ? Not much use really if flash can still be accessed via SWD.

Thanks,

Adrian