3.2.5 User Configuration Block (UCB) Lockdown and Region Security
The UCB retains security and boot configuration bits, including the descriptors for Flash protection regions. The UCB contains the FWPUCB (write-protect) and FEPUCB (erase-protect) words and the FIRT bit (IRT Enable):
- FWPUCB (User Configuration Block Write-Protect Word):
  - Programming this word prevents further write operations to the User Configuration Block (UCB), which contains the region descriptors and other security settings. Setting write-protect also disables erase of the UCB memory area.
- FEPUCB (User Configuration Block Erase-Protect Word):
  - Programming this word prevents erasure of the UCB. Each configuration word can still be programmed once. After a configuration word is written, future writes are disabled.
- FIRT Bit (IRT Enable):
  - The IRT feature is enabled by setting the FIRT bit in the UCB. When this bit is set, the IRT regions are protected and only accessible during IRT execution.
Until the UCB is fully locked down, the region configuration remains reprogrammable. This means that if the FWPUCB and FEPUCB words are not programmed, region descriptors (such as FPRnCTRL, FPRnST, FPRnEND) can be modified, added or removed.
While the UCB is unlocked, there is a risk that an attacker or unauthorized user with access to the device could alter or disable region protections, including IRT, by reprogramming it. The unlocked state is intended for development: regions can be defined and checked for the expected behavior while the device remains reprogrammable. For production, leaving the UCB unlocked can compromise the security of sensitive code and data. Once you program the FWPUCB and FEPUCB (both are One-Time Programmable fuses), the UCB becomes permanently locked. After this point, no further changes to region configuration are possible, ensuring that all protections, including IRT, are enforced and cannot be bypassed.
The UCB words can be set using #pragma config directives in the project’s configuration file (e.g., config_bits.c):
Making Region Definitions Permanent
// FIRT (IRT Enable Bit)
#pragma config FIRT = ON // Enable IRT protection
// FEPUCB (User Configuration Block Erase-Protect Word)
// Program to 0x84C1F396 to enable erase protection (One-Time Programmable)
#pragma config FEPUCB_EPUCB = 0x84C1F396
// FWPUCB (User Configuration Block Write-Protect Word)
// Program to 0x5B9B12E4 to enable write protection (One-Time Programmable)
#pragma config FWPUCB_WPUCB = 0x5B9B12E4
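
A release-gate check for the lockdown described above, as an added example that is not part of the original documentation or the vendor's tooling: it scans a configuration source file for active #pragma config settings and reports which of the three lock settings shown on this page are missing or wrong. The function names and the DEV_CONFIG sample are constructed for illustration; the check works on source text only and does not read the device.

```python
import re

# Lock values quoted on this page for the one-time-programmable UCB words.
REQUIRED = {"FIRT": "ON",
            "FEPUCB_EPUCB": "0x84C1F396",
            "FWPUCB_WPUCB": "0x5B9B12E4"}

PRAGMA = re.compile(r"^\s*#\s*pragma\s+config\s+(.*)$")
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(\w+)\s*$")

# Constructed sample: a development config with the lock words commented out.
DEV_CONFIG = """
#pragma config FIRT = ON // Enable IRT protection
// #pragma config FEPUCB_EPUCB = 0x84C1F396
/* #pragma config FWPUCB_WPUCB = 0x5B9B12E4 */
"""

def strip_comments(source):
    """Drop /* */ and // comments so commented-out pragmas do not count."""
    source = re.sub(r"/\*.*?\*/", " ", source, flags=re.S)
    return re.sub(r"//[^\n]*", "", source)

def parse_config(source):
    """Return {setting: value} for every active #pragma config setting."""
    found = {}
    for line in strip_comments(source).splitlines():
        m = PRAGMA.match(line)
        if not m:
            continue
        # Split on commas in case several settings share one pragma line.
        for part in m.group(1).split(","):
            s = SETTING.match(part)
            if s:
                found[s.group(1)] = s.group(2)
    return found

def lockdown_findings(source):
    """List the reasons this configuration leaves the UCB unlocked."""
    found = parse_config(source)
    findings = []
    for name, want in REQUIRED.items():
        got = found.get(name)
        if got is None:
            findings.append(f"{name} is not set")
        elif got.upper() != want.upper():
            findings.append(f"{name} = {got}, expected {want}")
    return findings

if __name__ == "__main__":
    for finding in lockdown_findings(DEV_CONFIG):
        print("UNLOCKED:", finding)
```

Run it against the production build's configuration file and fail the release when the returned list is not empty.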
