It is crucial to be able to prevent access by third parties to on-chip flash memory. Renesas RA and Synergy devices offer several means of security, one of which is called ID Code protection. After the MCU starts up in boot mode, ID authentication is performed when a host such as a PC is connected, in order to prevent unauthorized access. PEmicro's tools now allow users to take advantage of ID Code protection within the OCD/Serial Programmer ID Setting Register (OSIS) of supported Renesas ARM processors.
The idea behind ID Code protection is for the user to write four 32-bit words into the OSIS register, with ID code bits 127 and 126 indicating the level of security issued. Figure 1 below describes the possible security levels.
Figure 1. ID Code table, from Renesas RA6M1 Group, User's Manual: Hardware, all rights Renesas Electronics.
This ID Code functionality will be available in PEmicro’s latest Cyclone firmware release and with the newest instances of PROGACMP for 1) an interactive solution (via PROGACMP software), or 2) a standalone programming solution (via the Cyclone's Image Creation Utility).
ID Code Protection with Image Creation Utility
Users who are unfamiliar with creating a stand-alone programming (SAP) image should refer to the “How to Regenerate a Stand Alone Programming Image” blog post for a broader explanation of the process. The Cyclone LC and Cyclone FX user manuals also describe this procedure.
Select the corresponding Renesas ARM device from the “Select New Device” button and choose the flash programming algorithm for the device. Once the algorithm is selected, the “Programming Sequence” display window will populate with flash programming commands as shown in Figure 2.
Figure 2. Image Creation Commands with Security Highlighted
The user can select any variation of programming commands they wish. For security purposes, however, the commands of interest are “SI Set ID Code” and “PI Program ID Code”, as highlighted in Figure 2 above.
The “SI” command must be selected first, which will take in an 8-character hexadecimal parameter for OSIS register bits [0:31] shown in Figure 3.
Figure 3. SI Command Parameter in Image Creation
To populate the rest of the OSIS register, the user must re-select the “SI” command to fill in the next 32-bit word and so on. NOTE: The “SI” command is limited to four parameters and will provide an error after four inputs.
Once the user is satisfied with the ID Code that has been set, the next step is to select the “PI: Program ID Code” command, which will take a single decimal parameter (0, 1 or 2) to set the security level, shown in Figure 4.
Figure 4. PI Command Parameter in Image Creation
An input of 0 will unsecure the device (program 0xFFFFFFFF to all OSIS registers). An input of 1 will only allow the user to unsecure through ID Code Authentication (see section on ID Authentication) with bit 127 equal to 1 and bit 126 equal to 1. An input of 2 will allow the user to unsecure through ID Code Authentication as well as the ALeRASE command (mass erase) with bit 127 and bit 126 both equal to 1. NOTE: If a parameter of 1 is selected, we strongly encourage the user to keep track of the ID Code that is provided, in case the part needs to be unsecured through ID Authentication.
Once all of the programming commands with security functions are selected (full example shown in Figure 5), create the SAP image and select the “START” button on the Cyclone to execute the image and issue the security functions.
Figure 5. SAP Image with ID Code Protection Example
NOTE: If security level is set to level 2 and another SAP image is executed, a mass erase will be issued to enter debug mode and complete the SAP image. If the security level is set to level 1 and a SAP image is executed, an error code $00000007 will occur and the device will only be able to enter debug mode after a correct ID authentication, by providing matching ID codes.
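To prepare and double-check the four “SI” parameters before entering them, the following added example (not PEmicro's code; all function names are hypothetical) splits a 128-bit ID code into four 8-character hex words and reads back bits 127 and 126. It assumes each later “SI” entry fills the next higher 32 bits after bits [0:31], so bits 127 and 126 sit at the top of the fourth parameter.

```python
import re
import secrets

# One SI parameter: exactly 8 hexadecimal characters.
WORD_RE = re.compile(r"[0-9A-Fa-f]{8}")
# Value the page gives for an unsecured device: 0xFFFFFFFF in all OSIS words.
UNSECURED = (1 << 128) - 1


def si_parameters(id_code: int) -> list[str]:
    """Split a 128-bit ID code into four SI parameters, bits [0:31] first."""
    if not 0 <= id_code < (1 << 128):
        raise ValueError("ID code must fit in 128 bits")
    return [f"{(id_code >> (32 * i)) & 0xFFFFFFFF:08X}" for i in range(4)]


def id_code_from_si(params: list[str]) -> int:
    """Rebuild the 128-bit value from SI parameters, rejecting bad input."""
    if len(params) != 4:
        raise ValueError("SI takes exactly four parameters")
    for p in params:
        if not WORD_RE.fullmatch(p):
            raise ValueError(f"not an 8-character hex word: {p!r}")
    # Assumption: parameter i holds bits [32*i : 32*i + 31].
    return sum(int(p, 16) << (32 * i) for i, p in enumerate(params))


def control_bits(id_code: int) -> tuple[int, int]:
    """Return (bit 127, bit 126), the bits the page ties to the security level."""
    return (id_code >> 127) & 1, (id_code >> 126) & 1


def new_id_code() -> int:
    """Random 128-bit ID code with bits 127 and 126 both set to 1."""
    return secrets.randbits(126) | (0b11 << 126)


if __name__ == "__main__":
    code = new_id_code()
    params = si_parameters(code)
    assert id_code_from_si(params) == code  # round trip before programming
    print("SI parameters, in entry order:", params)
    print("bits 127/126:", control_bits(code))
```

Store the printed parameters securely alongside the device record, since the same ID code is needed later for ID authentication.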
ID Code Protection with PROGACMP
If the user is unfamiliar with the standard PROGACMP procedures, they can refer to the PROGACMP User Manual for instructions.
Once the user is connected to their Renesas ARM device and the corresponding flash programming algorithm has been selected, flash programming functions will populate the “Choose Programming Function” window. For ID Code protection, the functions of interest will be “SI: Set ID Code” and “PI: Program ID Code” under “Algorithm Specific Commands” (highlighted in Figure 6).
Figure 6. SI and PI Commands
The user must first select the “SI” command, which will take in an 8-character hexadecimal parameter for OSIS register bits [0:31], shown in Figure 7.
Figure 7. SI Command Input Parameter PROGACMP
Similar to the Image Creation process, to populate the rest of the OSIS register, the user must reselect the “SI” command to fill in the next 32-bit word and so on. NOTE: The “SI” command is limited to four parameters and will provide an error after four inputs.
Once the user is satisfied with the ID Code that has been set, the next step is to select the “PI Program ID Code” command, which will take a single decimal parameter (0, 1 or 2) to set the security level, shown in Figure 8.
Figure 8. “PI” Command Input Parameter
Security parameters for “PI” command are exactly the same as when using the Image Creation Utility; please refer to this description from earlier in this blog post for security parameters and corresponding levels.
The security function will go into effect after a reset. Upon re-entry of debug mode in PROGACMP, the pop-up shown in Figure 9 will appear to prompt if the user would like to unsecure with the ALeRASE command within our software (if applicable).
Figure 9. Mass Erase Prompt
Selecting “Yes” will continue a mass erase of the part if the correct security level is set. Selecting “No” will return the user to the connection manager. If a security level of 1 was selected when programming the ID Code and the user wishes to unsecure the device, please refer to the next section for instructions on how to accomplish this.
ID Authentication through “id_authentication.py” script
As described throughout this blog post, PEmicro provides the ability to specify an ID Code and enable a security level that requires the user to unsecure through an ID Code match. PEmicro has developed a Python script, located within the Renesas support files folder (“../supportFiles/supportFiles_ARM/Renesas”), that will allow the user to unsecure their Renesas device through an ID Code match. Please refer to the “README.txt” file in that folder for instructions on how to run the script with the necessary parameters.
If “id_authentication.py” returns “Success”, the ID Code provided matches the one programmed into the OSIS register (example shown in Figure 10). The user can now re-enter debug mode and execute any flash programming commands as before. NOTE: A reset must be executed after programming the ID Code in order to successfully check for an ID Code match with the Python script. Also, after a power cycle of the device, the Python script will have to be run again to authenticate the ID Code if it is still set within the OSIS register.
Figure 10. Example of Successful ID Code Match
For more information or further clarification on steps to handle security within Renesas ARM devices, please contact PEmicro Technical Support.