PEmicro Blog

Securing Renesas RA/Synergy Devices via ID Code Protection

Update as of Feb 20th, 2024: the process for programming the OSIS region on Renesas RA processors is greatly simplified and no longer relies on user functions. ID Code Authentication is now also handled directly in the PEmicro software instead of an external Python script.

It is crucial to be able to prevent access by third parties to on-chip flash memory. Renesas RA and Synergy devices offer several means of security, one of which is called ID Code protection. After the MCU starts up in boot mode, ID authentication is performed when a host such as a PC is connected, in order to prevent unauthorized access. PEmicro's tools now allow users to take advantage of ID Code protection within the OCD/Serial Programmer ID Setting Register (OSIS) of supported Renesas ARM processors.

The idea behind ID Code protection is for the user to write four 32-bit words into the OSIS register with ID code bits [127] and [126] indicating the level of security issued. Figure 1 below describes the possible security levels.

Figure 1. ID Code table, from Renesas RA6M1 Group, User's Manual: Hardware, all rights Renesas Electronics.

This ID Code functionality will be available in PEmicro’s latest Cyclone firmware release and with the newest instances of PROGACMP for 1) an interactive solution (via PROGACMP software), or 2) a standalone programming solution (via the Cyclone's Image Creation Utility). 

ID Code Protection with e2 Studio

When creating your project with e2 studio, double-click configuration.xml, which is likely in the script folder.

Figure 2. configuration.xml file in e2 Studio

Select the BSP tab and then Properties, as in the figure below.

Figure 3. Setting ID Code protection in e2 Studio

Under ID Code Mode, there are 3 options, “Unlocked (Ignore ID)”, “Locked with All Erase support” and “Locked”, which correspond to the first 3 entries in Figure 1. An “Unlocked (Ignore ID)” device will program 0xFFFFFFFF to all OSIS registers. A “Locked” device will only allow the user to unsecure through ID Code Authentication (see section on ID Authentication) with bit 127 equal to 1 and bit 126 equal to 0. A “Locked with All Erase support” device will allow the user to unsecure through ID Code Authentication as well as the ALeRASE command (mass erase) with bit 127 and bit 126 both equal to 1. NOTE: If “Locked” is selected, we strongly encourage the user to keep track of the ID Code that is entered, and/or the resultant SREC, in case the part needs to be unsecured through ID Authentication.

Figure 4. ID Code Mode options in e2 Studio

You can then enter a 32 hex character password in the ID Code field underneath if applicable. Once your project is built, the produced SREC containing these settings can be directly programmed to your chosen device using Image Creation Utility or PROGACMP.
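A pre-programming check on the built SREC, added here as an example (not PEmicro or Renesas code): it verifies record checksums, extracts the 16 OSIS bytes and reports which ID Code Mode the image will apply. The OSIS base address and the little-endian placement of bits [127:96] in the last word are assumptions to confirm against the device's hardware manual; the sample image is constructed.

```python
OSIS_ADDR = 0x0100A150  # assumption: OSIS base on the target; confirm in its hardware manual
ADDR_LEN = {"1": 2, "2": 3, "3": 4}  # address bytes for S1/S2/S3 data records

def srec_data(text):
    """Yield (address, data) for each data record, verifying length and checksum."""
    for n, line in enumerate(text.split(), 1):
        if not line.startswith("S"):
            raise ValueError(f"line {n}: not an S-record")
        raw = bytes.fromhex(line[2:])
        if not raw or raw[0] != len(raw) - 1 or (sum(raw) & 0xFF) != 0xFF:
            raise ValueError(f"line {n}: bad length or checksum")
        alen = ADDR_LEN.get(line[1])
        if alen:  # header and termination records carry no image data
            yield int.from_bytes(raw[1:1 + alen], "big"), raw[1 + alen:-1]

def osis_bytes(text, base=OSIS_ADDR):
    """Collect the 16 OSIS bytes; fail if the image does not fully define them."""
    got = {}
    for addr, data in srec_data(text):
        for i, b in enumerate(data):
            if base <= addr + i < base + 16:
                got[addr + i - base] = b
    if len(got) != 16:
        raise ValueError(f"image defines {len(got)} of 16 OSIS bytes")
    return bytes(got[i] for i in range(16))

def id_code_mode(osis):
    """Map the 128-bit value to the e2 studio mode names used in the article."""
    value = int.from_bytes(osis, "little")  # assumption: bits [127:96] sit at base+12
    if value == (1 << 128) - 1:
        return "Unlocked (Ignore ID)"  # tested first: all-FF also has bits 127 and 126 set
    b127, b126 = (value >> 127) & 1, (value >> 126) & 1
    if b127 and b126:
        return "Locked with All Erase support"
    if b127:
        return "Locked"
    return "other Figure 1 entry (not covered here)"

def make_s3(addr, data):
    """Build one S3 record (used only to construct the sample input below)."""
    body = bytes([len(data) + 5]) + addr.to_bytes(4, "big") + bytes(data)
    return "S3" + (body + bytes([~sum(body) & 0xFF])).hex().upper()

# Constructed sample: a few flash bytes plus an OSIS region holding a made-up ID code.
SAMPLE_ID = bytes(range(0x10, 0x1F)) + b"\x80"  # last byte 0x80: bit 127 = 1, bit 126 = 0
SAMPLE = "\n".join([make_s3(0x0, b"\x00\x20\x00\x20"), make_s3(OSIS_ADDR, SAMPLE_ID)])

if __name__ == "__main__":
    print(id_code_mode(osis_bytes(SAMPLE)))
```

Running this in the build pipeline before an image is released to production catches both an image that would ship unlocked and one that would apply “Locked” without the ID Code having been recorded.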

If a security level of “Locked” or “Locked with All Erase support” was selected when building the project and the user wishes to unsecure the device, please refer to the instructions below.

ID Code Protection with Image Creation Utility

Users who are unfamiliar with the creation of a stand-alone programming (SAP) image should refer to the “How to Regenerate a Stand Alone Programming Image” blog post for a broader explanation of how to create one. The Cyclone LC and Cyclone FX user manuals also describe this procedure.

The SREC file produced from e2 Studio will contain the binary data for both the main flash and the OSIS region. Both regions will be written by the flash programming algorithm.

NOTE: If the security level is set to locked and a SAP image is executed, an error code $00000007 will occur and the device will only be able to enter debug mode after a correct ID authentication, by providing matching ID codes. If the security level is set to “locked with erase support” and another SAP image is executed, a mass erase will be issued to enter debug mode and complete the SAP image. 

ID Authentication with Cyclone Image Creation Utility

To successfully unsecure a Renesas device through ID Code match with Cyclone Image Creation Utility, the 32 hex character ID Code used to secure the device must be entered before clicking “Build & Deploy”. Select the “Power and Communication” tab in Fig. 5. Then check “Allow ID Authentication” under Security Settings to view the ID Code entry field. The 128-bit ID Code can be entered manually; however, it is preferred to select “Load” and choose the originally programmed file. The ID Code will be extracted from the file and populate the field below.

Figure 5. Security Settings for Cyclone Image Creation Utility

ID Code Protection with PROGACMP

If the user is unfamiliar with the standard PROGACMP procedures, they can refer to the PROGACMP User Manual for instructions.

Once the user is connected to their Renesas ARM device and the corresponding flash programming algorithm has been selected, simply program the SREC file produced by e2 Studio. This will program both the main flash and OSIS regions.

The security function will go into effect after a reset. Upon re-entry of debug mode in PROGACMP, the pop-up shown in Figure 6 will appear to prompt if the user would like to unsecure with the ALeRASE command within our software (if applicable).

Figure 6. Mass Erase Prompt

Selecting “Yes” will continue a mass erase of the part if the correct security level is set. Selecting “No” will return the user to the connection manager. 

ID Authentication with PROGACMP

To successfully unsecure a Renesas device through ID Code match with PROGACMP, the 32 hex character ID Code used to secure the device must be entered in the PEmicro connection manager upon connection. Click “Security Settings” (Fig. 7).

Figure 7. PROGACMP Security settings for ID Authentication

Then check “Allow ID Authentication”. The 128-bit ID Code can be entered manually; however, it is preferred to select “Browse” and choose the originally programmed file. The ID Code will be extracted from the file and appear in the field below.

Figure 8. Entering ID Code in PROGACMP 

The user can now re-enter debug mode and execute any flash programming commands as before. NOTE: A reset must be executed after programming the ID Code in order to successfully check for an ID Code match. 

For more information or further clarification on steps to handle security within Renesas ARM devices, please contact PEmicro Technical Support.
