Mitsubishi DS5000TK, DS907x SIP manual Software Control, Timed Access ±1

SECTION 8: SOFTWARE CONTROL

Introduction

Several features have been incorporated into the Secure Microcontroller to help insure the orderly execu- tion of the application software in the face of harsh elec- trical environments. Any microcontroller which is oper- ating in a particularly noisy environment is susceptible to loss of software control. Electrical transients such as a glitch on the clock or a noise spike on an I/O pin can cause software problems like the loss of key variables in internal registers and/or execution of code out of its log- ical sequence. Such transients can send the microcon- troller into an indefinite period of seemingly random soft- ware execution.

Timed Access, Watchdog Timer and CRC hardware features have been built in to help provide control and recovery under difficult operating conditions. The op- eration of these features is described below.

Timed Access

The Timed Access feature is provided to help insure controlled access by software to critical configuration bits in the Special Function registers. These protected bits may only be written through the execution of a spe- cific multiple instruction software sequence which in- volves the Timed Access register. This restriction is de- signed to help prevent a potentially catastrophic change in the configuration by an inadvertent write during times when software control has been lost.

In order to modify the protected bits listed in Table 8±1, a pattern of two bytes must first be written to the Timed

Access register at location 0C7h. The first write should be a value of 0AAh and the second should be a value of 55H. After this sequence is performed, the protected bits may be modified. Upon receiving a 0AAH in the Timed Access register, two timers are initiated. The first timer allows two instruction cycles to write a 55H. This means a one± or two±cycle instruction may be used. If 55H is not written within two cycles, Timed Access is re- set. The second timer requires that the protected bit be modified within four instruction cycles. Since this timer started prior to writing 55H, the remaining time depends on which type of instruction was used to write 55H. If a one±cycle instruction was used to write 55H, then three cycles remain to modify protected bits. In the same way, if a two±cycle instruction was used to write 55H, then two cycles remain. This is depicted in Figure 8±1. The following code sequences demonstrate this procedure.

In the rare case that back to back Timed Accesses are performed, the user must be aware that the four±cycle Timed Access window must close before another Timed Access can begin. This is only an issue if a one±cycle instruction is performed after the MOV TA, #55h instruc- tion, leaving one cycle remaining in the four±cycle count. The user can eliminate this problem by either using a two±cycle instruction after the MOV TA, #55h instruction, or by inserting one other instruction between the two Timed Access procedures. Violation this rule will result in a failure of the second Timed Access proce- dure, leaving the bit(s) unmodified.