FreeCalypso > hg > freecalypso-tools
annotate doc/Flash-write-protection @ 997:67513b9446da
doc/Flash-write-protection: new article
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Mon, 04 Dec 2023 01:42:35 +0000 |
| parents | |
| children | 30fad2b3afd2 |
| rev | line source |
|---|---|
|
997
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 Some Calypso-based GSM MS designs (phones, modems, development boards) use |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 AMD-style (Spansion or Samsung) flash chips, while others use Intel flash. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 In the case of Calypso devices that use Spansion or Samsung flash chips, all of |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 those chips support a rarely used feature: an ability to write-protect selected |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 flash sectors, disallowing erase and program operations in those areas. With |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 earlier AMD-style flash chips (actual AMD-branded ones prior to introduction of |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 Spansion brand, as well as Samsung K5A32xx used in Openmoko devices) this |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 sector-level write protection can only be applied or lifted by way of external |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 programming equipment, executing special commands with a high voltage applied |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 to one of the pins - hence when the chip resides on a product board, no new |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 sector locks can be applied. (We are not aware of any Calypso GSM device manuf |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 who locked some flash sectors and then populated the chip onto the board in |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 that state.) |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 With newer Spansion and Samsung flash families, however, sector locks became |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 more easily accessible: they have Persistent Protection Bits (PPBs) which can |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 be programmed (locking a sector or a group of sectors) and erased (removing all |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 such locks) in-system under normal operating conditions, using only special |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 software commands. These flash chips also have "hard" locking modes: a Password |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 Sector Protection mode in which PPBs can only be modified after feeding a |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 matching 64-bit key to the chip, and an OTP "master lock" mode in which the |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 ability to erase PPBs is irreversibly disabled, locking all write-protected |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 sectors forever - but so far we (FreeCalypso community) have not yet encountered |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 any devices in which any of these "hard" locks have been activated. There is, |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 however, at least one Calypso-based phone out there (Sony Ericsson K2x0 family) |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 in which the shipping state of the device includes some flash sector locks - |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 but these locks are of the "soft" kind, removable by performing a PPB erase |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 operation which is not further blocked. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 As of fc-host-tools-r21, fc-loadtool provides support for programming and |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 erasing PPBs on select Spansion and Samsung flash chips, primarily aimed at |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 unlocking flash regions that have been write-protected by previous parties. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 It is very helpful, however, to understand some theory before using these |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 commands, which the present document aims to explain. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 Spansion and Samsung flash chips that feature PPBs have one PPB per sector or |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 per sector group - some sectors are aggregated into groups (of 4 sectors max) |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 for the purpose of write protection control. All of these PPBs are contained |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
39 in one special-purpose non-volatile memory element inside the flash chip, and |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
40 this NV memory element behaves like a little flash sector of its own: it has a |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
41 program operation, affecting each PPB individually, and an erase operation that |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
42 affects all PPBs across the chip at once. (See How-flash-really-works article |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
43 for an explanation of program and erase operations.) The programmed state of a |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
44 PPB corresponds to the associated flash sector or sector group being locked |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
45 (write-protected), and the erased state of a PPB corresponds to the flash |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
46 location being unlocked (free to erase and program at will). |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
47 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
48 fc-loadtool commands for manipulating PPBs are flash ppb-program and flash |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
49 ppb-erase-all; they are named in this manner (as opposed to a naming scheme |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
50 based on "lock/unlock" or "protect/unprotect") to emphasize the physical nature |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
51 of what they actually do in the flash chip. flash ppb-program command (or |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
52 flash2 ppb-program for the second bank of 16 MiB flash chips) addresses a |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
53 specific sector and programs that sector's PPB, causing the sector to become |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
54 write-protected; flash ppb-erase-all erases all PPBs across the flash chip, |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
55 causing the entire main flash array to become unlocked for write operations. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
56 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
57 The internal implementation of these PPB manipulation commands is very different |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
58 between PL-J and PL-N flash types, as required by the respective flash chip |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
59 families presenting a very different type of command interface for PPB |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
60 operations. The command interface implemented on Spansion PL-J family and at |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
61 least some Samsung flash chips (K5L29xx in particular) exposes the raw physics |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
62 of the flash (see How-flash-really-works article) to the user for PPB |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
63 operations, requiring flashing software tool developers to understand all of |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
64 that theory and implement it in practice. OTOH, the command interface for PPB |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
65 program and erase operations implemented on Spansion PL-N family (of which only |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
66 PL129N is usable with Calypso) brings these special operations into harmony with |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
67 ordinary flash programming and erasure procedures. We don't know (and may never |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
68 know) if Spansion aimed to simplify life for flash low-level driver implementors |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
69 or if internal advancements from PL-J to PL-N flash necessitated some changes |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
70 in physics-level program/erase algorithms and Spansion didn't feel like exposing |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
71 the internal details of their newer flash - but the practical implication for us |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
72 is that we had to implement two different code paths to support both ways of |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
73 performing these operations, as we need to support all flash chip types that are |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
74 found in Calypso GSM devices of different ages. |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
75 |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
76 It also needs to be noted that at least in Spansion PL-J and Samsung flash chips |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
77 the special non-volatile memory element that holds PPBs has a *very* limited |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
78 number of program-erase cycles: the datasheets we were able to find give a limit |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
79 of 100 (1e2) cycles for this special NV memory element, compared to 1e5 cycles |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
80 promised by the same datasheets for the main flash array. So please beware, |
|
67513b9446da
doc/Flash-write-protection: new article
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
81 and avoid needlessly cycling these write protection bits. |