SPRADK2A November   2024  – October 2025 F29H850TU , F29H859TU-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. Introduction
  5. Supplemental Online Information
  6. SSU Overview
  7. Key Concept Definitions
  8. Safety and Security Goals
  9. System Design
  10. Configuring the SSU
    1. 7.1 Flash SECCFG Region
    2. 7.2 SSU Development Life Cycle
    3. 7.3 Using the SysConfig Tool
      1. 7.3.1 Enabling System Security Configuration
      2. 7.3.2 Configuring Application Modules
      3. 7.3.3 Configuring Special Modules
        1. 7.3.3.1 LINK2 Configuration
        2. 7.3.3.2 LINK1 Configuration
        3. 7.3.3.3 Common Code Link Configuration
      4. 7.3.4 Defining Sandboxes
      5. 7.3.5 Adding Shared Memory
  11. Debug Authorization
    1. 8.1 Password-Based Unlock
  12. Debugging the SSU
    1. 9.1 Debugging Build Errors
    2. 9.2 Debugging Runtime Errors
  13. 10SSU Frequently Asked Questions (FAQ)
  14. 11Summary
  15. 12References
  16. 13Revision History

8.1 Password-Based Unlock

Within the System Security module, the SSUMODE can be selected. As shown in Figure 8-1in SSUMODE 3 secure debug and firmware updates are supported. Thus, to enable debug authorization based on a password entry and match, first select SSUMODE3. After SSUMODE3 has been selected, a section named 'Debug Access (SSU MODE 3 Only)' appears. Within this section, passwords for partial and full debug can be defined for each of the ZONEs. C29 Debug only has one password, hence there is only one entry. These passwords get loaded to SECCFG at the time of boot.

Note: Please verify that the correct access permissions have been set in place when using SSUMODE3. The recommendation is that a user test permissions setup while in SSUMODE2 first. If the device is transitioned to SSUMODE3 without the proper APR configuration then code won't execute properly due to enforced protections.
SSU Mode 3 additional settings Figure 8-1 SSU Mode 3 additional settings

Once the device is in SSUMODE3, all debug access is closed. The passwords setup in SysConfig need to be scanned into the device via the SEC-AP interface to open up the proper debug for the different zones. To do this, modify the SEC-AP gel file with the passwords that were used within SysConfig. To access the SEC-AP gel file in CCS, use the following steps:

  • Right-click on any of the visible cores within CCS Debug view in the connections pane and select 'Show all cores'
  • Connect to the C29 SEC-AP core
  • Go to 'View' in the CCS toolbar menu and choose 'GEL Files'
  • Open the provided SEC-AP gel file
  • Modify the passwords for the different zones as provided in SysConfig. Writes for the 128-bit passwords are in the following order: [31:0] bits, [63:32] bits, [95:64] bits, [127:96] bits.
  • Disconnect from the SECAP interface and reconnect. The passwords are scanned in on connection. Thus, C29 and Zones open if the passwords scanned in through SECAP interface match what was configured through SysConfig.

Upon successful debug open, a connection to the respective C29 cores is possible.