MCU Security Options

From SEGGER Wiki

Most MCUs come with some kind of configurable security feature (often called "Read-Out-Protection", "Code Security", "Lock Bits", "Debug Disable", "Memory Protection", etc.) which limits the access of an external debugger to the MCU. For example, one of the most common security options disables part of the flash controller so that the internal flash memory can no longer be accessed from an external debugger; this can be used to protect the IP, private keys or other data stored in the firmware of a product from being read by third parties once the product has left the production facility. Other security features, once active, may limit access to the volatile memory, the CPU or special function registers, or the AHB-AP in general, may completely disable the debug unit, or may combine several of the above.

Depending on the device family and the security mechanism, this change is either permanent or can only be revoked by triggering a mass erase of the device. The latter makes it possible to use a secured device again, while still making sure that the flash contents cannot be extracted.

J-Link software support

Each device family usually has its own unique security mechanism, feature set and configuration possibilities, and the ways to enable or disable security features also differ between device families. Due to the number of different device families and features, there is no generic implementation for enabling a security feature on any specific device. Instead, SEGGER developed a different approach that scales better with the enormous number of supported devices (nearly 8000 at the time of writing) and allows each engineer to configure the security features of the MCU individually, in accordance with the actual needs of the product / project.

Disabling MCU Security features or Connecting to a secured Target MCU

The SEGGER software natively supports automatic protection detection and unlocking of various devices. Once a device is detected as being in a protected state, J-Link attempts to lift the protection in order to make development and debugging with the device possible. If connecting to a secured device whose protection is revocable fails, please get in touch with SEGGER support. For some device families, the J-Link software supports not only unlocking but also restoring the factory default settings of the target MCU, via the J-Link Commander "unlock" command or the dedicated "STM32 Unlock" application.

Enabling MCU Security features

There are currently two possible ways to enable security features of a target MCU using SEGGER programmer / debugging probes:

  1. Enabling the security feature from within the target application or bootloader at runtime (usually at the first boot)
  2. Securing the device by executing the necessary memory and/or SFR reads and writes, which can be done via
    1. J-Link Commander
    2. J-Link SDK functions
    3. the "Exit steps" feature of J-Flash

Options 1) and 2.3) are recommended for production purposes.
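As an added illustration of option 2.2 (not SEGGER's own SDK code), the following Python shows the read / check / write / read-back sequence a production script should wrap around a security-option write, including an explicit opt-in for options that are permanent rather than revocable by mass erase. The register address, field mask, level values and the `memory_read32` / `memory_write32` probe methods (pylink-style) are assumptions; the FakeProbe stands in for a real J-Link connection so the code runs offline.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityOption:
    """One protection level of a hypothetical flash option register."""
    name: str
    reg_addr: int    # option/lock register address (constructed placeholder)
    mask: int        # bits that encode the protection level
    value: int       # value to write into those bits
    permanent: bool  # True if it cannot be undone, not even by mass erase


# Constructed placeholder layout; take real values from the device manual.
OPTIONS = {
    "unlocked": SecurityOption("unlocked", 0x40022000, 0xFF, 0xAA, False),
    "readout_protect": SecurityOption("readout_protect", 0x40022000, 0xFF, 0x55, False),
    "debug_disable": SecurityOption("debug_disable", 0x40022000, 0xFF, 0xCC, True),
}


def current_level(probe, reg_addr: int, mask: int) -> int:
    """Read the protection field from the option register via the probe."""
    return probe.memory_read32(reg_addr, 1)[0] & mask


def apply_security(probe, level: str, allow_permanent: bool = False) -> dict:
    """Write the option bits for `level`, then read back to confirm the result."""
    opt = OPTIONS[level]
    if opt.permanent and not allow_permanent:
        # A permanent option closes the debug port for good: require explicit opt-in.
        return {"applied": False, "reason": "permanent option needs allow_permanent=True"}
    before = current_level(probe, opt.reg_addr, opt.mask)
    if before == opt.value:
        return {"applied": False, "reason": "already at requested level", "before": before}
    word = probe.memory_read32(opt.reg_addr, 1)[0]
    word = (word & ~opt.mask) | opt.value  # read-modify-write only the level field
    probe.memory_write32(opt.reg_addr, [word])
    after = current_level(probe, opt.reg_addr, opt.mask)
    # Some flash controllers latch new option bytes only after a reset; a mismatch
    # here means the level is not yet effective and must be re-checked after reset.
    return {"applied": after == opt.value, "before": before, "after": after}


class FakeProbe:
    """In-memory stand-in for a J-Link connection (assumed pylink-style API)."""
    def __init__(self, initial: int):
        self.mem = {0x40022000: initial}

    def memory_read32(self, addr, num_words):
        return [self.mem.get(addr + 4 * i, 0) for i in range(num_words)]

    def memory_write32(self, addr, data):
        for i, v in enumerate(data):
            self.mem[addr + 4 * i] = v & 0xFFFFFFFF
```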