
Software Control, Timed Access – Maxim Integrated Secure Microcontroller User Manual


Secure Microcontroller User’s Guide


8. SOFTWARE CONTROL

Several features have been incorporated into the secure microcontroller to help ensure the orderly
execution of the application software in the face of harsh electrical environments. Any microcontroller
that is operating in a particularly noisy environment is susceptible to loss of software control. Electrical
transients such as a glitch on the clock or a noise spike on an I/O pin can cause the loss of key variables in
internal registers and/or execution of code out of its logical sequence. Such transients can send the
microcontroller into an indefinite period of seemingly random software execution.

Timed access, watchdog timer, and CRC hardware features have been built in to help provide control and
recovery under difficult operating conditions. The operation of these features is described below.

8.1 Timed Access

The timed-access feature is one of two levels of protection for critical SFR bits. For critical bits that
might need to be modified during normal operation, the timed-access procedure protects against an
inadvertent write operation. These bits may only be modified through the execution of a specific
multiple-instruction software sequence that involves the timed-access register (TA; C7h). This restriction prevents
a potentially catastrophic change in the configuration by an inadvertent write during times when software
control has been lost.

In order to modify the protected bits listed in Table 8-A, a pattern of two bytes must first be written to the
timed-access register. The first write should be a value of 0AAh and the second should be a value of 55h.
After this sequence is performed, the protected bits may be modified. Upon receiving a 0AAh in the
timed-access register, two timers are initiated. The first timer allows two instruction cycles to write a
55h. This means a one- or two-cycle instruction can be used. If 55h is not written within two cycles,
timed access is reset. The second timer requires that the protected bit be modified within four instruction
cycles. Since this timer started prior to writing 55h, the remaining time depends on which type of
instruction was used to write 55h. If a one-cycle instruction was used to write 55h, then three cycles
remain to modify protected bits. In the same way, if a two-cycle instruction was used to write 55h, then
two cycles remain. This is depicted in Figure 8-1 and demonstrated in the accompanying code.


In the rare case that back-to-back timed accesses are performed, the user must be aware that the 4-cycle
timed-access window must close before another timed access can begin. This is only an issue if a 1-cycle
instruction is performed after the MOV TA, #55h instruction, leaving one cycle remaining in the 4-cycle
count. The user can eliminate this problem by either using a 2-cycle instruction after the MOV TA, #55h
instruction, or by inserting another instruction between the two timed-access procedures. Violating this
rule results in a failure of the second timed-access procedure, leaving the bit(s) unmodified.
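
The two timers and the back-to-back rule described above, written as a small host-side C model for checking an instruction sequence against them. This is an added example, not code from the user's guide or from Maxim: the instruction classes, `ta_accepted` and the sample sequences are constructed for illustration, and the model assumes a 0AAh write that begins while the four-cycle count is still running is ignored.

```c
#include <stdio.h>

/* Instruction classes for the model; names are this example's own. */
typedef enum { TA_AA, TA_55, PROT_WR, OTHER } op;
typedef struct { op kind; int cycles; } insn;      /* cycles: 1 or 2 */

/* Replay a sequence; return how many protected-bit writes took effect. */
int ta_accepted(const insn *s, int n)
{
    int t = -1;      /* cycles since 0AAh was accepted; -1 = idle */
    int armed = 0;   /* 55h arrived inside the two-cycle timer */
    int ok = 0;

    for (int i = 0; i < n; i++) {
        if (t >= 4) { t = -1; armed = 0; }         /* four-cycle window closed */
        if (t < 0) {                               /* idle: only 0AAh has any effect */
            if (s[i].kind == TA_AA) t = 0;
            continue;
        }
        t += s[i].cycles;                          /* window runs while this executes */
        if (s[i].kind == TA_55 && !armed && t <= 2) armed = 1;
        else if (s[i].kind == PROT_WR && armed && t <= 4) ok++;
        if (!armed && t >= 2) t = -1;              /* no 55h in time: reset */
    }
    return ok;
}

#define N(a) ((int)(sizeof(a) / sizeof((a)[0])))
#define TA2 {TA_AA, 2}, {TA_55, 2}                 /* MOV TA,#0AAh / MOV TA,#55h */

/* Constructed sequences (assumed cycle counts, not taken from the guide). */
static const insn single[]   = { TA2, {PROT_WR, 1} };
static const insn stray[]    = { {OTHER, 1}, {PROT_WR, 1} };  /* runaway write, no TA */
static const insn late[]     = { TA2, {OTHER, 1}, {OTHER, 1}, {PROT_WR, 1} };
static const insn b2b_bad[]  = { TA2, {PROT_WR, 1}, TA2, {PROT_WR, 1} };
static const insn b2b_2cyc[] = { TA2, {PROT_WR, 2}, TA2, {PROT_WR, 2} };
static const insn b2b_gap[]  = { TA2, {PROT_WR, 1}, {OTHER, 1}, TA2, {PROT_WR, 1} };

int main(void)
{
    printf("single=%d stray=%d late=%d\n", ta_accepted(single, N(single)),
           ta_accepted(stray, N(stray)), ta_accepted(late, N(late)));
    printf("b2b: 1-cycle=%d 2-cycle=%d gap=%d\n", ta_accepted(b2b_bad, N(b2b_bad)),
           ta_accepted(b2b_2cyc, N(b2b_2cyc)), ta_accepted(b2b_gap, N(b2b_gap)));
    return 0;
}
```

In the `b2b_bad` sequence only the first protected write is accepted, which is the failure the guide warns about; both fixes it names (`b2b_2cyc`, `b2b_gap`) let the second one through.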