search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
FEATURE Machine Safety


A fl exible method of safeguarding boot code and other critical data


By Ken Lin, Deputy Director of Flash Memory Technical Marketing and Application Engineering at Winbond Electronics T


he IoT has the potential to benefi t us in many ways, but, at the same time, its distributed nature makes such systems vulnerable to attack,


of which, arguably, the most serious is the bootloader attack. A device’s bootloader is the fi rst software component to start, responsible for loading the operating system (OS) kernel into RAM. It has full control of the device, deciding what software operates, when and how. In hacking, the bootloader can be used to access the system’s fl ash storage and modify the OS kernel with malicious code. However, NOR fl ash memory can be


confi gured to protect the data it stores to prevent the boot code being rewritten. This has worked well in the past, but today’s larger systems demand more storage and fl exibility. When the data protection function was initially created, only three block protection (BP) bits in the Flash IC’s status register were enough to specify the portion of the total memory array to be protected. For example, Winbond’s NOR Flash memory device uses status register bits BP0, BP1 and BP2. Three bits give eight options for selecting the size of the protected region, from as little as 1/64th of the array to as much as a half; see Figure 1. Using the 128Mbit Winbond W25Q128JV


as an example of modern storage, we can see a 1/64th portion would be 2Mbits. If only 50kbits boot code needs protection, a large area of memory would remain unusable. To solve this problem, Winbond has


introduced the SEC status register; shown far left in Figure 1. This bit allows the designer to specify protection at sector rather than block level, dividing the array into portions as small as 1/4096th – 32kbits for the W25Q128JV. Figure 2 (highlighted yellow) show another new feature in Winbond memories: the TB (top/bottom) register bit. By default (TB = 0), the allocation of block or sector protection starts at the bottom of the memory array of addresses as most CPUs boot from the bottom of the array. However, Intel CPUs boot from the top. So, Intel users can allocate memory addresses at the top of the array by confi guring TB = 1 in the status register.


24 October 2021 | Automation


Figure 1(above): the BPx bits in the status register of a NOR Flash device allow the user to specify the size of the protected region


Figure 2: The SEC register bit enables protection to be specified at the sector level


In some applications, the requirement for the storage of user data is nil or almost nil, and nearly all the memory array is occupied by boot and fi xed application code. Winbond’s Complement (CMP) bit feature reverses the protection setting asserted by the BP and SEC bits. If the BP bits are confi gured to protect a 1/64th portion of the memory array with the default setting of CMP = 0, when CMP = 1 protection will be applied to a 63/64th portion of the array. A hardware lock can be applied to the NOR Flash memory IC through the block/sector protection fi rmware settings through the WP pin. The status of the WP pin is controlled with the SRP (Status Register Protect) register bit. The WP pin protects the register settings that confi gure the program/erase protection of blocks and sectors via the BP and SEC register bits. Once the BP and SEC settings are made and the WP pin is asserted (WP = Low), no change to the BP and SEC settings may be made without pulling the WP pin high.


Serial NOR Flash devices, such as the


Winbond SpiFlash family, can guarantee that protected regions will never be programmed or erased after shipping, by applying a permanent lock to the block and sector protection register settings. Winbond requires a special instruction sequence to be followed to implement the Active Permanent Lock, which is only available by application to Winbond. A less permanent option is the Power Supply Lock-Down function, which has the same eff ect of locking the status register settings, but each time the device is powered down the status register lock is lifted. The register settings can then be changed when the device is powered on before the Power Supply Lock-Down is implemented again.


CONTACT:


Winbond Electronics Corporation www.winbond.com


automationmagazine.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50