PEmicro Blog

Cypress: How To Secure/Unsecure A Cypress PSoC 4 MCU

Mar 20, 2019

Cypress’ PSoC 4 Cortex-M0 processor-based microcontrollers offer a few device features to prevent external flash access. Enabling device security features on products prevents third party sources from accessing or manipulating program code and data. This article will detail fo the user the secure and unsecure process for Cypress PSoC 4 devices. 

Device security is designed to prevent any unintended access to the flash of Cypress microcontroller-based products. A variety of modes can be enabled to prevent external read and/or write commands to the device and can only be disabled by erasing and resetting flash memory and user settings.

Securing Cypress PSoC 4 MCUs

The three security modes for PSoC 4 are “OPEN”, “PROTECTED”, and “KILL” mode. “OPEN” mode is the factory default, and allows all read and write access to flash. In “PROTECTED” mode, only user code and memory read/write access is disabled, while most internal registers can still be read and written to. “KILL” mode permanently disables flash memory and external debugger access. ”KILL” mode is a permanent setting that can only be set from “OPEN” mode and cannot be reset. Write Protection settings can be set for both flash macros in dual-macro PSoC 4 devices. 

When using our PROGACMP software, PSoC 4 devices’ command for setting the security mode can be found under “CP ;Chip Protect”. The user will be prompted to enter a security mode value. An input value of “2” corresponds to “PROTECTED” and “4” corresponds to “KILL”. If the number “4” is entered, another warning will show up, asking the user to confirm that they would like to permanently secure their device.

Unsecuring Cypress PSoC 4 MCUs

To prevent confidential user information from being read after an unlock, the PSoC microcontrollers are designed to only unlock after an Erase All command. These commands are sent to the NVL and will erase all flash content and configuration bytes, and reset flash protection settings. 

In PROGACMP, connecting to a non-permanently secured device will trigger a pop up stating that the device is secure. The pop up will ask if the user would like to unsecure the device. Choosing “Yes” will automatically begin the Erase All procedure and access to flash commands will be available shortly after. In standalone image programming with the Cyclone programmer, non-permanently secured devices are automatically unsecured each time a user starts their programming process.

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     Prog ACMP     Cypress     Production Programming     Debug