Destructive Reset Diagnostic Routine for the MAXQ1103

[09-11 23:02:12]   Source: http://www.88dzw.com   MCU learning   Reads: 8538



If any of the SDI (self-destruct input) pins are pulled high (to VDDIO) and then released, the microcontroller will execute a destructive reset (DRS). This reset erases the program decryption key, so the main program code will no longer run. Instead, the LCD will display a message indicating that a DRS has occurred and showing the contents of the DRSRS register. See Figure 2.

Figure 2.

The flags in the DRSRS register are used to decode which SDI source caused the destructive reset. Additionally, the time and date of the last DRS are shown on the LCD. This last feature is not strictly part of the DRS diagnostic routine, but rather of the DRS logger, which captures the value of the RTS (RTC Second Counter) register at the instant when the SDI triggered.
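The decoding step described above (read DRSRS to find the triggering SDI source, then turn the captured RTS second count into a date and time for the LCD) is shown below as an added, host-testable C model. It is not code from the application note or from Maxim's example project: the hardware reads are replaced by function parameters, the DRSRS flag-bit positions in drs_sources[] are placeholders (the page gives the register's purpose but not its bit layout), and the RTC second counter is assumed to count from 2000-01-01 00:00:00.

```c
/* Added example, not from the application note. Models the DRS logger and the
 * LCD message of the diagnostic routine without touching hardware.
 * Assumptions (not stated on the page): RTS counts seconds from 2000-01-01
 * 00:00:00, and the DRSRS flag masks in drs_sources[] are placeholders. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mapping of DRSRS flag bits to SDI sources (placeholder positions). */
typedef struct { uint32_t mask; const char *name; } drs_source_t;
static const drs_source_t drs_sources[] = {
    { 1u << 16, "SDI0" }, { 1u << 17, "SDI1" }, { 1u << 18, "SDI2" }, { 1u << 19, "SDI3" },
};

typedef struct {
    uint32_t drsrs;   /* DRSRS value read by the diagnostic routine */
    uint32_t rts;     /* RTC second counter captured when the SDI triggered */
} drs_record_t;

/* Days since 2000-01-01 -> civil y/m/d (proleptic Gregorian, civil_from_days). */
static void drs_civil_from_days(int64_t days, int *y, int *m, int *d) {
    int64_t z = days + 10957 + 719468;   /* 2000-01-01 -> 1970-01-01 -> 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp  = (5 * doy + 2) / 153;
    *d = (int)(doy - (153 * mp + 2) / 5 + 1);
    *m = (int)(mp < 10 ? mp + 3 : mp - 9);
    *y = (int)(yoe + era * 400 + (*m <= 2));
}

/* Format the captured second counter as "YYYY-MM-DD HH:MM:SS" for the LCD. */
int drs_format_time(uint32_t rts, char *buf, size_t n) {
    int y, m, d;
    unsigned secs = (unsigned)(rts % 86400u);
    drs_civil_from_days((int64_t)(rts / 86400u), &y, &m, &d);
    return snprintf(buf, n, "%04d-%02d-%02d %02u:%02u:%02u",
                    y, m, d, secs / 3600u, (secs / 60u) % 60u, secs % 60u);
}

/* List the SDI sources whose flag bits are set; returns how many were found. */
int drs_decode_sources(uint32_t drsrs, char *buf, size_t n) {
    int count = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof drs_sources / sizeof drs_sources[0]; i++) {
        if (drsrs & drs_sources[i].mask) {
            if (count) strncat(buf, ",", n - strlen(buf) - 1);
            strncat(buf, drs_sources[i].name, n - strlen(buf) - 1);
            count++;
        }
    }
    if (!count) strncat(buf, "none", n - strlen(buf) - 1);
    return count;
}

/* Build the two LCD lines the diagnostic routine would show after a DRS. */
void drs_lcd_message(const drs_record_t *rec, char *line1, size_t n1, char *line2, size_t n2) {
    char src[64];
    drs_decode_sources(rec->drsrs, src, sizeof src);
    snprintf(line1, n1, "DRS %08lX %s", (unsigned long)rec->drsrs, src);
    drs_format_time(rec->rts, line2, n2);
}

int main(void) {
    /* Constructed sample: SDI1 flagged, 366 days + 1h01m01s after the epoch. */
    drs_record_t rec = { 0x00021E01u, 366u * 86400u + 3661u };
    char l1[80], l2[32];
    drs_lcd_message(&rec, l1, sizeof l1, l2, sizeof l2);
    printf("%s\n%s\n", l1, l2);
    return 0;
}
```

On the real part, the two values would come from the DRSRS and RTS registers, and the formatting code would live in the unencrypted RECOVERY segment with the rest of the diagnostic routine.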

Implementation Details

The source code that implements the "main application" of an RTC is straightforward and is not described in this application note. It is, however, heavily commented and may be reused as an RTC example. This section of code is stored in the memory segment called CODE, which begins at program memory address 0x000600. A pre-program load command in the MAXQ30_Target.js script enables an encrypted area of 64kWord with the PMAC and PMSZ registers. This area is 3DES encrypted and is where the CODE program section resides.

To implement the DRS recovery vector, we must reserve some space that the main application program does not use. A memory section is declared in the MAXQ1103.xml file starting at 0x3C600 for 16kWord, and a memory segment named RESERVE is declared within it. This allows us to use the Rowley assembly directive CSEG RECOVERY to place our DRS diagnostic routine at the proper address. This address is dictated by the DIAS[3:0] bits within the DRSRS register.

The function enable_drs_diag() writes the DRSRS register to the value 0x00001E01. This value enables the diagnostic vector and selects the diagnostic vector location of 0x3C600.

The DRS diagnostic routine is called by the ROM after the destructive reset (i.e., once the self-destruct input that caused it has been removed). This routine must not call any other code within an encrypted memory region (as defined by PMAC/PMSZ): because the decryption key has been erased, that code would be fetched still encrypted, and executing it can cause undesired system operation.

The recovery routine is contained in the file drs.asm and demonstrates the use of the CSEG directive to locate this code in the RECOVERY segment.

While the diagnostic vector may call unencrypted C code in internal program memory, the programmer must set up the C runtime environment before calling this code. The crt0.asm file included with the Rowley compiler shows what setup is needed.

Conclusion

The MAXQ1103 diagnostic routine feature gives the application programmer a method to execute code following a security-related destructive reset. It provides a clear separation between the secure application and the unsecured recovery code. The diagnostic routine can then log the security violation and take the appropriate post-destruction actions, such as alerting a remote location or performing further erasure of internal memories.
