I happened to overwrite the security code area (0x70 to 0x7A. By default 0xffff....ff) with my application code after wrongly modifying the linker directive file.
If I try flashing again, my debugger ID850QB asks for the security code in this area, and I don't know what is in there.
So, I took the dump of the code I had flashed, it's as below:
0x00000060 : 61 00 00 00 CA 5E FF 00 - 0B 06 01 FF F2 E5 21 06
0x00000070: 3A 00 00 00 61 00 00 00 - CA 5E FF 00 0B 06 01 FF
0x00000080 : D2 DD 21 06 3A 00 00 00 - 61 00 00 00 CA 5E FF 00
I tried giving 3A00000061000000CA5E and also the reverse of it: 5ECA000000610000003A. Both don't work.
The V850 manual states "Bit 7 of 0000079H is the on-chip debug emulator enable flag (0: Disable, 1: Enable)". This bit seems to be 0 in my case (5E).
Probably this is the reason.
Can somebody help me get over this problem? I need to flash some other software.
1. Is there any means to erase the flash (at least the security code area)?
2. Tools available : debugger ID850QB + Minicube on-chip debug emulator. Beagle board (I2C/SPI).
3. Or is there any other SW tool, easily available, cheap or preferably free, to erase this location.
4. Or any hardware means, like grounding any pin on the controller to clear the flash.
Eagerly awaiting your response.
There are two solutions to recover the device.
Use the Flash Programmer (FP5):
This tool is intended for customers to use at end of line programming and is able to have the program downloaded into its memory. A simple button press without PC connection will allow reprogramming. See a link below:
Use the MINICUBE2:
This tool is less expensive. It does not have EMC protection for customer end of line programming and requires a PC connection to program the device. It should work well for recovering your device by using the QBprogrammer software (or Flash Programming tool Renesas Flash Programmer). See a link below:
I am not familiar with your board setup or available connections, so please read through the links provided and let me know if you have any questions.
Thanks for the answer gmiller.
Before we proceed to buy this product, one last time, is there no other way to erase just this security code area (0x70 to 0x7A) ourselves? Like Gnd a pin, or some such process.
Are you able to communicate to the device through some other method (CAN, SPI, etc) and put a secondary boot loader in the RAM? Then you may be able to use the boot swap feature to reprogram a primary boot loader. Details on this can be reviewed from the User Manual, section 30.5.2 Features: (1) Secure self programming (boot swap function)
There is no simple method to defeat the security ID. If there was some way to work around the security, it would not be very good security.
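A pre-flash check for the linker mistake described in the original question, as an added example that is not part of any post in this thread: it parses a dump in the format quoted above and reports whether the security code area was overwritten and whether bit 7 of 0x79 (the debug enable flag quoted from the manual) is still set. The function names are hypothetical, and the 10-byte range 0x70 to 0x79 is an assumption taken from the 10-byte value the poster tried.

```python
import re

# Constructed sample: the three dump lines quoted in the question.
DUMP = """\
0x00000060 : 61 00 00 00 CA 5E FF 00 - 0B 06 01 FF F2 E5 21 06
0x00000070: 3A 00 00 00 61 00 00 00 - CA 5E FF 00 0B 06 01 FF
0x00000080 : D2 DD 21 06 3A 00 00 00 - 61 00 00 00 CA 5E FF 00
"""

ID_START, ID_LEN = 0x70, 10   # assumption: security code occupies 0x70..0x79
DEBUG_FLAG_ADDR = 0x79        # bit 7: on-chip debug enable (1 = enabled)


def parse_dump(text):
    """Return {address: byte} from 'ADDR : xx xx ... - xx ...' lines."""
    image = {}
    for line in text.splitlines():
        m = re.match(r"\s*0x([0-9A-Fa-f]+)\s*:\s*(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        # Drop the '-' column separator, keep the byte tokens in order.
        tokens = [t for t in m.group(2).split() if t != "-"]
        for offset, tok in enumerate(tokens):
            image[base + offset] = int(tok, 16)
    return image


def check_security_area(image):
    """Inspect the security code area of a parsed image before flashing."""
    addrs = range(ID_START, ID_START + ID_LEN)
    missing = [hex(a) for a in addrs if a not in image]
    if missing:
        raise ValueError("dump does not cover: " + ", ".join(missing))
    area = bytes(image[a] for a in addrs)
    return {
        "area_bytes": area.hex().upper(),             # in address order
        "is_default": all(b == 0xFF for b in area),   # untouched area is all FF
        "debug_enabled": bool(image[DEBUG_FLAG_ADDR] & 0x80),
    }


if __name__ == "__main__":
    report = check_security_area(parse_dump(DUMP))
    print(report)
    if not report["is_default"] or not report["debug_enabled"]:
        raise SystemExit("security code area is occupied: do not flash this image")
```

Run against the build output before programming, it fails the build when application code has been linked into the security code area.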