PEmicro Blog

How to Secure/Unsecure Microchip SAM-Series MCU

Mar 22, 2019

PEmicro prioritizes the safety of users’ intellectual property. Each manufacturer may employ multiple methods for securing or unsecuring a processor, so the goal is to make this process as simple and easy as possible for the user. In this article we'll explore utilizing the “Chip Protect” function of processors, which prevents data from being read or written from an external source. This helps keep data secure. Our example here is the Microchip SAM-Series MCU.

What is Chip Protect/Secure & Unsecure Device?

There are two types of device security: one that limits the amount of external reading and programming to specific memory addresses, and one that completely disables external reading and programming altogether. The range of valid commands sent to the device may also be limited. There are multiple secure and unsecure methods that can differ between processor families. Some of these unsecure methods can be done with our programming and debugging tools such as PROGACMP or Cyclone ISP programmers, while some require manipulating a specific Chip Erase pin.

Device Security with Microchip SAM MCUs

Securing Microchip processors involves sending a “Set Security Bit” command to the processors. Doing so will prevent external debug access aside from the Chip Erase command. PEmicro supports securing all current Microchip SAM MCUs with both our PROGACMP software tool and CYCLONE and CYCLONE FX in stand-alone mode. Our PROGACMP software and Cyclone programmers are device-agnostic and can choose which secure method is needed for the connected processor, making it faster and easier for users to secure.

Users will be informed in PROGACMP when their device is finished being secured. Some devices will need to be reset or power cycled before the change takes effect. After resetting, device security can be verified by attempting to connect. A successfully secured processor will cause a pop-up to tell the user that their device is secure, and ask if it should unsecure it. Users will be unable to read any memory addresses through external debug tools. 

Unsecuring Microchip SAM MCUs

Unsecuring Microchip MCUs typically involves performing a “Chip Erase” function. This will erase all volatile memory and the flash memory of the chip, and reset the security bit set during the secure process. Debug access to the chip will then be reactivated, allowing reading and writing operations.

Depending upon the specific SAM family, unsecuring can either be done automatically by a PEmicro programmer or is manually performed by a user setting certain MCU pins to specific states on powerup. The table below shows which unsecure method is used by different Microchip SAM device families: 

Processor  Family   Unsecure Method
SAM4C   Manually via Chip Erase Pin
SAM4E   Manually via Chip Erase Pin
SAM4L   PROGACMP/Cyclone Programmer
SAM4N   Manually via Chip Erase Pin
SAM4S   Manually via Chip Erase Pin
SAMC   PROGACMP/Cyclone Programmer
SAMD   PROGACMP/Cyclone Programmer
SAME   Manually via Chip Erase Pin
SAMG   Manually via Chip Erase Pin
SAML   PROGACMP/Cyclone Programmer
SAMS   Manually via Chip Erase Pin
SAMV   Manually via Chip Erase Pin

The SAM4L, SAMC, SAMD, and SAML device families can automatically be unsecured by PEmicro programmers. When using PROGACMP, device security is checked automatically upon initial connection and the software will ask the user if they would like to unsecure the device when security is active. When using the Cyclone stand alone programmer, the device security check and unsecuring process occur automatically whenever a secure device is being reprogrammed. Cyclone programmers do not prompt users about unsecure so that they do not disrupt the automatic programming process. 

The unsecure method for  SAM4C, SAM4E, SAM4N, SAM4S, SAME, SAMG, SAMS, and SAMV processors involves manually driving a Chip Erase pin to 3.3V. This Chip Erase pin is shared with GPIO PB12, and is set to Chip Erase on reset. Depending on the total flash size, the amount of time that the Chip Erase pin must be connected to 3.3V differs. This will typically range from 3-13 seconds, with longer times needed for larger flashes. To ensure a proper Chip Erase, the reset line must be held LOW while the Chip Erase pin is held HIGH. After the allotted time, the device should connect normally to PROGACMP or standalone programming. Please consult the corresponding MCU manual for the typical and maximum times for connecting the Chip Erase to 3.3V as well as detailed Chip Erase procedures. An example procedure is outlined below:

1. Assert HIGH on Chip Erase Pin (GPIO PB12)
2. Assert LOW on Reset Pin
3. Wait allotted time before releaseing Chip Erase and Reset pins
4. Power cycle device   

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     Prog ACMP     ARM     Microchip     Production Programming     Debug