Authorized Flashing Security Feature


Authorized Flashing limits the number of flash programming cycles and protects the Flasher against unauthorized access when production is done externally.

With the “Authorized Flashing” feature, a maximum number of programming cycles can be set while the Flasher is configured for production, thereby limiting the number of devices that the firmware can be transferred to. Companies that have contracted out production can thus protect themselves against the third party producing more than the targeted number of devices and selling them on its own account. The production facility cannot change the configuration.

Current Flashers support the creation of a so-called secure area. The Flasher can be pre-configured with a given setup and then handed to external production facilities, which cannot read out the Flasher contents via MSD, FILE I/O functionality (J-Link Commander) or RS232 commands.

Once the pre-defined number is exhausted, the Flasher must be re-programmed to start a new programming cycle. This has to be carried out by the owner of the Intellectual Property directly on the Flasher.

Creating the secure area


By default, Flashers are shipped with a public area only (full Flasher flash size accessible via MSD etc.). The secure area has to be created once before it can be used. This reserves half of the Flasher storage size for the secure area, i.e. around 64 MB for current models. The secure area can be removed at any time, which releases the full Flasher storage to the public area again. The secure area can be created or removed via J-Link Commander, which is part of the software package that comes with the Flasher.

The following secure area related commands are available in J-Link Commander:

  • securearea create
  • securearea remove

When the secure area is created or removed, all configuration and data files stored on the Flasher are lost. Make sure they are no longer needed before creating or removing the secure area.

Moving files to the secure area


Before moving configuration + data to the secure area, test that the setup works properly in stand-alone mode. Once the setup is working as expected, do the following to move the configuration + data into the secure area:

  • Start Flasher in MSD mode

  • Create a folder "_SECURE"
  • Move all files that shall be moved to the secure area into this folder

  • Reboot the Flasher (do not enter MSD mode again, otherwise the contents will not be moved). Depending on the configuration and data file size, it may take a while before the Flasher Power LED is lit. Once it lights up, all contents have been moved to the secure area and the _SECURE folder in the public area has been deleted.
  • The Flasher can now be used in stand-alone mode as normal, but the files cannot be read back by the user/operator.

Considerations to be taken when using the secure area


When using the secure area, some things need to be considered:

  • All features like multiple file support, patch file support etc. can also be used when operating from the secure area.
  • The secure area cannot be read back by any utility. Only FLASHER.LOG is always placed and updated in the public area, even when the Flasher operates from the secure area.
  • If the public area contains any file/folder other than FLASHER.LOG and the secure area also contains configuration / data, stand-alone flashing will fail because it is ambiguous which configuration / data shall be used. In such cases, Flashers with an Ethernet / RS232 interface will output an appropriate error message on programming. All Flasher models will output an appropriate error message in FLASHER.LOG.
  • Moving files from the public into the secure area can be done multiple times. Each time files are moved from the public area to the secure area, all contents of the secure area are erased first, to make sure that no previous configuration is present there.
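
The staging step from "Moving files to the secure area" and the public-area rule above can be scripted on the host before a Flasher is handed over. This is an added example, not vendor code: it assumes the Flasher's MSD volume is mounted at a path you pass in, and the names SETUP.CFG, IMAGE.DAT and NOTES.TXT are constructed sample files.

```python
import shutil
import tempfile
from pathlib import Path

SECURE_DIR = "_SECURE"    # folder name from the procedure above
LOG_NAME = "FLASHER.LOG"  # the one file that always stays in the public area


def stage_for_secure_area(msd_root):
    """Move every public entry except FLASHER.LOG into _SECURE; return their names."""
    root = Path(msd_root)
    secure = root / SECURE_DIR
    secure.mkdir(exist_ok=True)
    moved = []
    for entry in sorted(root.iterdir()):
        if entry.name.upper() in (SECURE_DIR, LOG_NAME):
            continue
        shutil.move(str(entry), str(secure / entry.name))
        moved.append(entry.name)
    return moved


def check_public_area(msd_root):
    """Return (state, stray_names): state is 'pending', 'clean' or 'ambiguous'."""
    names = [p.name for p in Path(msd_root).iterdir()]
    # _SECURE still visible: the Flasher has not moved its contents yet.
    if any(n.upper() == SECURE_DIR for n in names):
        return "pending", []
    # Anything besides FLASHER.LOG makes stand-alone flashing fail when the
    # secure area also holds a configuration.
    stray = sorted(n for n in names if n.upper() != LOG_NAME)
    return ("ambiguous", stray) if stray else ("clean", [])


def demo():
    """Run both steps on a temporary directory standing in for the MSD volume."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("SETUP.CFG", "IMAGE.DAT", LOG_NAME):  # constructed names
            (root / name).write_text("x")
        moved = stage_for_secure_area(root)
        before_reboot = check_public_area(root)
        shutil.rmtree(root / SECURE_DIR)  # simulates the Flasher's move on reboot
        after_reboot = check_public_area(root)
        (root / "NOTES.TXT").write_text("x")  # a file copied back by mistake
        return moved, before_reboot, after_reboot, check_public_area(root)


if __name__ == "__main__":
    print(demo())
```

Because the secure area cannot be read back, the check can only report what is visible in the public area; whether the secure area actually holds a configuration has to be known from the staging step.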