flash Kinetis: make FCF protection more user friendly 28/4228/4
authorTomas Vanek <vanekt@fbl.cz>
Wed, 6 Sep 2017 20:34:14 +0000 (22:34 +0200)
committerFreddie Chopin <freddie.chopin@gmail.com>
Thu, 25 Jan 2018 16:40:31 +0000 (16:40 +0000)
flash Kinetis: make FCF protection more user friendly

The Flash Configuration Field on Kinetis devices requires protection
because it is located in program flash space (at 0x400) and writing
an improper data to it may permanently lock the device. Even an erased
flash sector containing FCF engages security lock (not permanent one)
on the next reset or power cycle.

'kinetis fcf_source protection' mode was introduced in the change #3562.
Flash driver in this mode sets FCF immediately after sector erase to
prevent unintentional security lock. To do so the driver needs to know
FCF values before flash image data is actually processed. Flash
protection bits are available in bank structure, FOPT can be set by
'kinetis fopt' command and securing device by FSEC is not supported.

Nevertheless an inexperienced user flashed the device using an image
with FCF values different from those set in OpenOCD config and
concluded programming did not work as some verify errors showed.

This change tries to write maximum possible from image data
retaining FCF protection.

Check FCF in programmed data and report if some field differs from
values set by OpenOCD flash block protection and 'kinetis fopt' command.
Warn user about verify errors caused by FCF protection.

On devices with ECC flash (K26, K66 and KV5x) it is impossible to change
already programmed FCF - it would result in an ECC error. As FCF was
written just after erase in 'kinetis fcf_source protection' mode
the warning issued during flash write is the only possible action.

On non-ECC flash devices use cumulative flash programming to
set FCF values requested in programmed image data.
Use FSEC from programmed data only if it does not request a secure
mode. Device can be secured only in 'kinetis fcf_source write' mode.
Use FOPT from programmed data if its value was not configured
in OpenOCD config by 'kinetis fopt' command.

Change-Id: If65fbbd7700069f57e4ae32234dce371bff93674
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4228
Tested-by: jenkins
Reviewed-by: Robert Foss <robert.foss@memcpy.io>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)