of security. When Flash security mode is enabled in accordance with the method described in the Flash
Memory module specification, the device will disable external P-space accesses restricting code execution
to internal memory, disable EXTBOOT=1 mode, and disable the core EOnCE debug capabilities. Normal
program execution is otherwise unaffected.
7.2 Flash Access Blocking Mechanisms
The 56F8367/56F8167 have several operating functional and test modes. Effective Flash security must
address operating mode selection and anticipate modes in which the on-chip Flash can be compromised
and read without explicit user permission. Methods to block these are outlined in the next subsections.
7.2.1
Forced Operating Mode Selection
At boot time, the SIM determines in which functional modes the device will operate. These are:
•
•
•
Internal Boot Mode
External Boot Mode
Secure Mode
When Flash security is enabled as described in the Flash Memory module specification, the device will
boot in internal boot mode, disable all access to external P-space, and start executing code from the Boot
Flash at address 0x02_0000.
This security affords protection only to applications in which the device operates in internal Flash security
mode. Therefore, the security feature cannot be used unless all executing code resides on-chip.
When security is enabled, any attempt to override the default internal operating mode by asserting the
EXTBOOT pin in conjunction with reset will be ignored.
7.2.2
Disabling EOnCE Access
On-chip Flash can be read by issuing commands across the EOnCE port, which is the debug interface for
the 56800E core. The TRST, TCLK, TMS, TDO, and TDI pins comprise a JTAG interface onto which the
EOnCE port functionality is mapped. When the device boots, the chip-level JTAG TAP (Test Access Port)
is active and provides the chip’s boundary scan capability and access to the ID register.
Proper implementation of Flash security requires that no access to the EOnCE port is provided when
security is enabled. The 56800E core has an input which disables reading of internal memory via the
JTAG/EOnCE. The FM sets this input at reset to a value determined by the contents of the FM security
bytes.
7.2.3
Flash Lockout Recovery
If a user inadvertently enables Flash security on the device, a built-in lockout recovery mechanism can be
used to reenable access to the device. This mechanism completely reases all on-chip Flash, thus disabling
Flash security. Access to this recovery mechanism is built into CodeWarrior via an instruction in memory
configuration (.cfg) files. Add, or uncomment the following configuration command:
unlock_flash_on_connect 1
For more information, please see CodeWarrior MC56F83xx/DSP5685x Family Targeting Manual.
56F8367 Technical Data, Rev. 9
130
Freescale Semiconductor
Preliminary
FREESCALE [ Freescale ]
