AVR-Chat

I’d like to verify my understanding of the proper fuse settings for a device
(ATMega16) to be shipped as a final product.  

I’m “shipping” some parts now but it’s a “friendly” beta environment so some
settings will be relaxed.  My understanding is that, just prior to shipping,
I should:

For a "friendly" environment (allows application area to be reprogrammed via

					the boot loader, not worried about
code protection):
	OCDEN:	Disable to reduce power consumption in low power sleep modes
	JTAGEN:	Disable, no OC level debugging expected in the field
	SPIEN:	Disable, no OC level debugging expected in the field
	BOOTRST:	Enable to allow field upgrading
	LB:		Programming & verification enabled
	BLB0:		SPM & LPM permitted in application section (for
field upgrades)
	BLB1:		SPM prohibited in boot section (to protect boot
loader from 
			being overwritten, LPM allowed-see BLB0 below)
	

For a "hostile" environment (to protect the code):
	OCDEN:	Disable to reduce power consumption in low power sleep modes
	JTAGEN:	Disable to protect the code
	SPIEN:	Disable to protect the code
	BOOTRST:	Disable to protect the code (no field upgrading)
	LB:		Programming & verification disabled
	BLB0:		SPM prohibited in application section (I assume that
LPM 
			must be left enabled to use flash-based constant
data?)
	BLB1:		SPM prohibited in boot section (LPM: see BLB0)

Did I miss anything?
 
Cheers,

Chuck Hackett
"Good judgment comes from experience, experience comes from bad judgment"
7.5" gauge Union Pacific Northern (4-8-4) 844
http://www.whitetrout.net/Chuck

At 01:32 PM 4/09/2009, you wrote:
>         SPIEN:  Disable, no OC level debugging expected in the field
>         SPIEN:  Disable to protect the code

You don't need to disable SPIEN, anyway you can't do it without
using HVPP if you disable JTAG. Once the lock-bits are enabled
then you can't read the chip with SPI without first erasing it.

CKOPT MUST be enabled for 8MHZ and up, many people will tell you
to enable at all times.

Regards

John Samperi

********************************************************
Ampertronics Pty. Ltd.
11 Brokenwood Place Baulkham Hills, NSW 2153 AUSTRALIA
Tel. (02) 9674-6495       Fax (02) 9674-8745
Website  http://www.ampertronics.com.au
*Electronic Design * Custom Products * Contract Assembly
********************************************************

--- In AVR-Chat@yahoogroups.com, "Chuck Hackett" <egroupscdh@...> wrote:

> ... proper fuse settings for a device
> ... to be shipped as a final product.  
> JTAGEN: Disable to protect the code
> SPIEN: Disable to protect the code

Why would you want to disable JTAG and SPI if you've used the lock bits to disable programming and verification?  It does no harm, but if a device comes back from the field and needs to be rescued, wouldn't you want these interfaces active to erase the device and reprogram it?

Graham.

> From: John Samperi
> 
> At 01:32 PM 4/09/2009, you wrote:
> >         SPIEN:  Disable, no OC level debugging expected in the field
> >         SPIEN:  Disable to protect the code
> 
> You don't need to disable SPIEN, anyway you can't do it without
> using HVPP if you disable JTAG. Once the lock-bits are enabled
> then you can't read the chip with SPI without first erasing it.

Understood

> CKOPT MUST be enabled for 8MHZ and up, many people will tell you
> to enable at all times.

Yup, I have it enabled (I'm using 8MHz).  I only listed fuses having to do
with protection/programming/power save.

Thanks for the confirmation ...
 
Cheers,

Chuck Hackett
"Good judgment comes from experience, experience comes from bad judgment"
7.5" gauge Union Pacific Northern (4-8-4) 844
http://www.whitetrout.net/Chuck

> From: ecros_technology
> 
> --- In AVR-Chat@yahoogroups.com, "Chuck Hackett" <egroupscdh@...>
> wrote:
> 
> > ... proper fuse settings for a device
> > ... to be shipped as a final product.
> > JTAGEN: Disable to protect the code
> > SPIEN: Disable to protect the code
> 
> Why would you want to disable JTAG and SPI ...

> if you've used the lock bits
> to disable programming and verification?  

By "disable verification", I assume you mean turning off LPM in the
application section in addition to disabling SPM functionality.  I'm
assuming that LPM functionality needs to be left enabled so that the
application code can use flash resident constant data?  Or, does "disabling
LPM" only disable LPM functionality through the On Chip Debug facility and
the application can still access flash data?

> It does no harm, but if a
> device comes back from the field and needs to be rescued, wouldn't you
> want these interfaces active to erase the device and reprogram it?

Hmm, guess you're correct there as long as OCDEN is off. 

... but, then again, if OCDEN is disabled in the field device (as, I assume,
it should be to protect the code).  If I recall correctly, enabling OCDEN
can only be done with a chip-erase which means the code needs to be
re-loaded so one would be debugging the chip and new flash code as opposed
to the code that was in the chip before.

BTW: Still love my Ice-Cube ...
 
Cheers,

Chuck Hackett
"Good judgment comes from experience, experience comes from bad judgment"
7.5" gauge Union Pacific Northern (4-8-4) 844
http://www.whitetrout.net/Chuck

--- In AVR-Chat@yahoogroups.com, "Chuck Hackett" <egroupscdh@...> wrote:

> By "disable verification", I assume
> you mean turning off LPM in the
> application section ...

No.  In your original post, you wrote (in part):
>> For a "hostile" environment (to protect the code):
>> (snip)
>> LB: Programming & verification disabled

I rather thought that once you have taken this step it is no longer possible to read the Flash via the SPI and JTAG interfaces.  Thus, it is safe to leave either or both enabled so that you can rescue a device if necessary by erasing it (which also prevents the Flash contents from being read by destroying it).

The following may not be what you want, but for information this is how I set the lock bits in the AVR ICE-Cube and other products with Flash loaders for field-update of firmware:

Mode 3:
- Further programming and verification disabled
Application Protection Mode 1:
- No lock on SPM and LPM in Application Section
Boot Loader Protection Mode 3:
- LPM and SPM prohibited in Boot Loader Section

My reasoning as as follows:

Mode 3 prevents the Flash contents from being read using any of the programming interfaces (SPI, JTAG, High-Voltage).

Boot Loader Protection Mode 3 prevents someone from writing an application that reads and dumps the Flash loader program.

If anyone can think of a way (short of high-effort die breaking) that either the Flash loader or the application could be read with these settings, I'd appreciate the heads up.

Graham.

> From: ecros_technology
> 
> ....
> I set the lock bits in the AVR ICE-Cube and other products with Flash
> loaders for field-update of firmware:
> ....

Thanks for the info Graham.  I'll put that in my "do before it goes out the
door" procedures :-)
 
Cheers,

Chuck Hackett
"Good judgment comes from experience, experience comes from bad judgment"
7.5" gauge Union Pacific Northern (4-8-4) 844
http://www.whitetrout.net/Chuck