Soft reload of a ds5000 series device – Maxim Integrated Secure Microcontroller User Manual

Page 29

Secure Microcontroller User’s Guide

29 of 187

advantages of a secure microcontroller is the ability to change these settings, and even reload the entire
program memory while the device is installed in system. To completely re-program and re-configure a
device, the bootstrap loader must be invoked. However, the secure microcontroller is designed to allow a
partial reload of memory without invoking the bootstrap loader.

The major advantage of this technique is that it requires no hardware or external switches. Most of the
memory can be reprogrammed under application software control. It would commonly be used when the
target system connects to a PC through a serial port as part of an application, e.g., a data logger that must
dump memory periodically. While connected to the PC, it is extremely easy to reload portions of memory
using the “soft reload.”

Application software always has unrestricted read/write access to the NV RAM designated as data
memory. This is the memory that lies above the partition address and below the range address (the
nonpartitionable configuration of the DS5001/DS5002 is addressed separately). Data memory is read or
written using MOVX instructions. Only the area designated as program memory cannot be altered. The
key to doing a soft reload is to temporarily change the program memory RAM into data memory. Using
an SFR, the application software can authorize the secure microcontroller to temporarily redefine a
portion of the program memory area as data memory. Once this is done, the new code can be received
through a serial port (or other means) and written into data memory. When the process is complete and
the new memory is verified as correct, software converts the RAM back into write-protected program
memory for the duration. As with the memory map control, there are minor differences between the
DS5000 series and DS5001/DS5002 series devices in how this is accomplished.

Soft Reload of a DS5000 Series Device

When application software decides that it should reprogram a portion of memory, the software must
convert the target area into data memory. The DS5000 does this when software sets the PAA bit
(MCON.1) to a logic 1. PAA is the partition access-enable bit, which is protected from accidental
modification by the timed-access procedure. Timed access is discussed in a later section. When PAA = 1,
the microcontroller automatically moves the partition to 0800h and allows write access to the partition
control bits PA3–0 (MCON.7–4). At this time, the software can adjust the partition, but the new value is
not used until after PAA is cleared. The partition remains at 0800h as long as PAA = 1, regardless of the
partition control bits. This leaves a 2kB block of NV RAM (from 0000–0800h) assigned as program
memory. Apart from this, no other changes take place and software continues to operate normally.
Caution: Make certain that the code that controls the PAA resides in this first 2kB. When PAA = 1, all
addresses on the bytewide bus greater than 0800h are viewed as data memory and cannot be executed,
even if they were program memory originally. This gives the software read/write access to the remaining
6kB (range = 8kB) or 30kB (range = 32kB) of NV RAM on the bytewide bus.

At this time, software can begin reloading the target area of memory. There are two minor variations of
this procedure. First, a user’s loader routine that resides below 0800h (2kB) can reprogram the remainder
of memory as needed. This is done by receiving the new code through a serial port or other mechanism
and writing it to the RAM at the addresses where it will be executed. Since the RAM is data memory, the
write operation is done using MOVX instructions.
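
The PAA behavior described above can be modeled on a host to check a loader's layout before it touches real NV RAM. The C model below is an added example, not code from the user's guide; the ds5000 struct, the function names, the sample bytes and the PA3-0 x 0800h partition mapping are assumptions, and the timed-access step that guards PAA is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAA    0x02u    /* MCON.1, per the text */
#define FORCED 0x0800u  /* partition while PAA = 1, per the text */
typedef struct { uint8_t mcon; uint32_t range; uint8_t nvram[0x8000]; } ds5000;
ds5000 dev;                                              /* model, not hardware */
const uint8_t sample_img[4] = {0x02, 0x10, 0x00, 0x22};  /* constructed bytes */

/* ASSUMPTION: PA3-0 (MCON.7-4) selects partition = PA * 0800h; see the manual's table. */
uint32_t partition(const ds5000 *d) {
    return (d->mcon & PAA) ? FORCED : (uint32_t)(d->mcon >> 4) * 0x0800u;
}

uint32_t model_init(ds5000 *d, uint32_t range, uint8_t pa) {
    memset(d, 0, sizeof *d);
    d->range = range;               /* 0x2000 (8kB) or 0x8000 (32kB) */
    d->mcon = (uint8_t)(pa << 4);
    return partition(d);
}

/* MOVX write: allowed only in data memory, partition <= addr < range. */
int movx_write(ds5000 *d, uint32_t addr, uint8_t v) {
    if (addr < partition(d) || addr >= d->range) return -1;
    d->nvram[addr] = v;
    return 0;
}

/* Soft reload of [dst, dst+len); loader_pc is where the PAA-handling code executes. */
int soft_reload(ds5000 *d, uint32_t loader_pc, uint32_t dst,
                const uint8_t *img, uint32_t len, uint8_t new_pa) {
    if (loader_pc >= FORCED) return -1;       /* loader would become data memory */
    if (dst < FORCED || dst >= d->range || len > d->range - dst) return -2;
    if (new_pa > 15 || new_pa * 0x0800u < dst + len) return -3; /* image left writable */
    d->mcon |= PAA;                           /* hardware: timed access required first */
    for (uint32_t i = 0; i < len; i++)
        if (movx_write(d, dst + i, img[i])) return -4;
    if (memcmp(&d->nvram[dst], img, len)) return -5;   /* PAA stays 1: not executable */
    d->mcon = (uint8_t)((d->mcon & 0x0Fu) | (new_pa << 4)); /* PA writable while PAA = 1 */
    d->mcon &= (uint8_t)~PAA;                 /* new partition takes effect only now */
    return 0;
}

int main(void) {
    model_init(&dev, 0x2000, 3);
    int rc = soft_reload(&dev, 0x0100, 0x1000, sample_img, 4, 3);
    printf("rc=%d partition=%04Xh\n", rc, (unsigned)partition(&dev));
    return 0;
}
```

The checks run before PAA is set, so a rejected request leaves the memory map untouched, and the image is verified before PAA is cleared, matching the order the text gives.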

The second option is that the user’s code below 2kB can simply move the partition to a new value. This is
done by writing a new value for PA3–0 in MCON (MCON.7–4) while PAA is still set to 1, then clearing
PAA. The purpose of this would be that the loader routine mentioned in option 1 resides in memory
above 2kB, but below the target memory area. To gain access, the partition must be moved to a location
