Flash Management for Firmware Development
522
SNIU028A – February 2016 – Revised April 2016
Copyright © 2016, Texas Instruments Incorporated
Flash Memory Programming, Integrity, and Security
17.3.3.2 GPIO Line Based Backdoor
Using a general purpose I/O line is simpler, as the line can be dedicated to this function, but it does
require a free line available. It will also require a pull up or down and a test point to override the pull up or
pull down.
However, it is often useful to have a free I/O line available for development. It is very useful for
instrumenting code. It can be used to indicate internal events to monitor timing and trigger oscilloscopes.
Since the line is only checked at reset for the backdoor, it can then be used for other functions once the
program is started.
17.3.3.3 Other Options for I/O Backdoors
There are many other creative options for backdoors if I/O lines are very constrained. An ADC input can
be set to an out of normal range value. As suggested above, an I/O line can perform a backdoor function
at the beginning of the code and some other function after startup.
17.3.4 Communications Backdoors
Communications backdoors add a message to an existing communications port already used in the
application. Typically this is the PMBus interface, but it could be any communications interface.
The standard TI firmware generally supports a simple communications backdoor with a PMBus D9
command used to clear the flash checksum. For added security, this could be changed so that it erases
the flash instead. The command code could be changed. In addition, more bytes could be added to the
command sequence, requiring a multi-byte checksum for flash changes.
The serial port could also be used in a similar way.
Advantages:
1. Requires no additional I/O pins
2. Can support password security
Disadvantages:
1. If firmware locks up, the backdoor can also stop working
17.3.4.1 Cautions for Using Communications Backdoors
Since a firmware bug can lock up the communications backdoor very easily, always test the backdoor
before setting the checksum up for auto startup. Every time the firmware is changed, retest the backdoor.
17.4 Flash Management in Production
In production, the goals are different. A secure backdoor is desired, but it must also be reliable. Firmware
bugs which prevent backdoor access are less of a concern. All of the firmware, including the backdoor
should be well tested before release to production.
The best firmware backdoor is a communications channel based backdoor with a long password, as
described above. It could even be a sequence of multiple commands, if desired.