Safeguarding boot code and other critical data: how little-known data protection settings in NOR Flash can help improve system reliability

This article describes a number of features of the operation of SpiFlash NOR Flash memories from Winbond which may be used to protect critical data. These protection features help designers to avoid the risk that their system will be disabled because of bit errors caused by noise, or because a host SoC mistakenly overwrites critical data.

By Ken Lin, Deputy Director of Flash Memory Technical Marketing and Application Engineering, Winbond Electronics Corporation

SPI NOR Flash is the electronics design engineer’s favourite memory type for low-density, high-reliability storage of application code and data in embedded systems with a storage requirement of up to 512Mbits.

To facilitate broad adoption across the industry, NOR Flash memory technology follows certain standards, for instance governing the serial interface to a host microcontroller or SoC. One of these standard features is the way in which NOR Flash allows the system designer to configure protection of stored data. Protection may be applied to a specified fraction of the entire memory array in which mission-critical data is stored: most often, this is boot code, since if boot code were impaired or lost, the entire system would be disabled.

Protection helps to ensure that data in protected blocks is not corrupted, for instance by noise, or mistakenly erased and overwritten by a faulty operation implemented by the host system. If an Erase or Program command specifies a memory region that contains a protected block, this command will be ignored. In other words, protected blocks are tagged as Read-only memory.

The way in which the standard approach to data protection was implemented many years ago in NOR Flash has more recently, however, begun to constrain designers’ flexibility in their use of the higher-density memory devices available today. This has prompted Winbond to introduce new, proprietary extensions to the standard protection functions to give more control over the block size and the operation of the protection function. This article describes the reason for introducing these new features, and outlines their uses for system designers who use NOR Flash memory.

Increase in protected block sizes

When the data protection function was created many years ago, NOR Flash memory densities were much smaller than they are today. At that time, just three Block Protection (BP) bits in the Flash IC’s status register were enough to specify the portion of the total memory array that needed to be protected. In a Winbond NOR Flash memory device’s datasheet, these status register bits are shown as BP0, BP1 and BP2. These three bits give eight options for selecting the size of the protected region, from as little as 1/64th of the array to as much as ½.

Fig. 1: The BPx bits in the status register of a NOR Flash device allow the user to specify the size of the protected region. (Source: Winbond W25Q128JV datasheet)

So the finest granularity available to the user is 1/64th of the total array. The problem today is that embedded systems require more storage than before, and Flash memory manufacturers have responded by providing products with larger memory capacity. The Winbond W25Q128JV, for instance, is a 128Mbit memory: a 1/64th portion is 2Mbits. But what if the system designer only needs to apply protection to boot code, and not to any other code or data, and the boot code is just 50kbits?

In this case, a protected region of 2Mbits would store just 50kbits of code, and so – because the region has Program and Erase protection – most of the protected block will remain empty.

Now Winbond has introduced a new feature to solve this problem: it is the ‘SEC’ status register bit shown at the far left in Figure 1. This SEC bit allows the designer to specify protection at the sector rather than the block level. As Figure 2 shows, this divides the array into portions as small as 1/4096th – 32kbits in the W25Q128JV part, for instance. This gives the designer the flexibility to protect very small pieces of critical code, such as boot code, while leaving almost all of the memory array free of Program/Erase protection and available for storage of any other code and data.

Fig. 2: The SEC register bit enables protection to be specified at the sector level. (Source: Winbond W25Q128JV datasheet)

Figure 2 also shows, highlighted in yellow, another feature introduced by Winbond: the TB (Top/Bottom) register bit. By default (TB=0), the allocation of block or sector protection starts at the bottom of the memory array's address range. This is because most CPUs boot from the bottom of the array, so the protected region holding boot code should be located at the bottom for the fastest operation and the most efficient use of main memory.

Intel CPUs, however, boot from the top. So with the TB bit, Winbond gives users of Intel devices the option to allocate memory addresses at the top of the array for block or sector protection, by configuring TB=1 in the status register.

Applying block protection to almost an entire array

In standard NOR Flash memory ICs, the option to configure blocks for Program/Erase protection starts with the smallest 1/64th increment, and enables protection for up to half of the array, as shown in Figure 2. In some applications, however, the requirement for storage of user data is nil or almost nil, and nearly all the memory array is occupied by boot and fixed application code. An example of such an application is a TV remote control: here, only a small amount of unprotected memory space is required for infrequent end-user configuration settings (for instance to pair the remote control to a new media device). Nearly all the memory space is for application code, which will not change and so benefits from Program/Erase protection.

A status register bit provided by Winbond meets this application requirement. It is the Complement (CMP) bit: this reverses the protection setting asserted by the BP and SEC bits. If the BP bits are configured to protect a 1/64th portion of the memory array with the default setting of CMP=0, when CMP=1 protection will be applied to a 63/64th portion of the array, and only 1/64th will remain unprotected.
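The following host-side model is an added example, not code from Winbond or from the article. It works through the 50kbit boot-code case at block and sector granularity and predicts whether an Erase or Program request would touch protected memory, with and without CMP. The function names are hypothetical, 50kbits is taken as 6400 bytes, the number of doubling steps per mode is an assumption to check against the datasheet's protection table, and the top/bottom choice is passed as a flag rather than as the raw TB bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_BYTES (16u * 1024u * 1024u) /* 128 Mbit W25Q128JV = 16 MiB */
typedef struct { uint32_t start, end; } range_t; /* [start, end) in bytes */

/* Smallest selectable region that holds `need` bytes. finest_div is 64 for
 * block-level (SEC=0) or 4096 for sector-level (SEC=1) protection; `steps`
 * is how many doublings the BP bits offer (assumed: 6 block, 4 sector).
 * Returns the region size in bytes, or 0 if no setting is large enough. */
uint32_t smallest_region(uint32_t need, uint32_t finest_div, unsigned steps)
{
    uint32_t size = ARRAY_BYTES / finest_div;
    for (unsigned i = 0; i < steps; i++, size *= 2)
        if (size >= need)
            return size;
    return 0;
}

/* Region selected by the BP/SEC bits, anchored at the top or bottom of the
 * array according to the TB choice (take the bit polarity from the datasheet). */
range_t base_region(uint32_t size, bool at_top)
{
    uint32_t start = at_top ? ARRAY_BYTES - size : 0;
    return (range_t){ start, start + size };
}

/* Would an Erase/Program of [addr, addr+len) touch protected memory and so be
 * ignored? With CMP=1 everything outside the base region is protected. */
bool touches_protected(range_t base, bool cmp, uint32_t addr, uint32_t len)
{
    if (len == 0 || addr >= ARRAY_BYTES || len > ARRAY_BYTES - addr)
        return false; /* empty or out-of-array request: nothing to model */
    uint32_t end = addr + len;
    bool overlaps = addr < base.end && end > base.start;
    bool inside = addr >= base.start && end <= base.end;
    return cmp ? !inside : overlaps;
}

int main(void)
{
    uint32_t blk = smallest_region(6400, 64, 6);   /* 50 kbit boot code */
    uint32_t sec = smallest_region(6400, 4096, 4);
    printf("block-level: %u bytes, sector-level: %u bytes\n", (unsigned)blk, (unsigned)sec);
    return 0;
}
```

A firmware updater can run the same overlap check before issuing an erase, so that a request straddling the protected boundary is caught in software rather than silently ignored by the device.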

Reinforced protection with hardware lock on status register settings

To provide additional confidence in the protection of critical data such as boot code, a NOR Flash memory IC can apply a hardware lock to the block/sector protection firmware (register) settings. This is achieved via the WP pin (see Figure 3). The status of the WP pin is controlled with the SRP (Status Register Protect) register bit.


Fig. 3: Pin assignments on the W25Q128JV SOIC package, showing the Write Protect (WP) pin. (Source: W25Q128JV datasheet)

Some users might be familiar with the WP pin in parallel Flash devices, which has a simple Write Protect function. The function of the WP pin in serial NOR Flash devices is different: it protects the register settings that configure the Program/Erase protection of blocks and sectors via the BP and SEC register bits. Once the BP and SEC settings are made and the WP pin is asserted (WP=Low), no change to the BP and SEC settings may be made without pulling the WP pin High.

The ultimate protection of critical data

Users of serial NOR Flash devices such as the Winbond SpiFlash® series of products can guarantee that protected regions will never be programmed or erased after shipment from the factory – effectively turning protected blocks into one-time programmable (OTP) memory space.

This is achieved by applying a permanent lock to the block and sector protection register settings. The so-called Active Permanent Lock can be applied with the SRL (Status Register Lock) register bit. This permanently, irrevocably locks the data in protected blocks. If a bug is found in protected code in future, or an important security update needs to be applied in the field, it cannot be done if the Active Permanent Lock has been implemented. This is a serious consequence, and so Winbond requires a special instruction sequence to be followed to implement Active Permanent Lock, which is only available by application to Winbond – the instructions are not listed in the datasheet.

For most users, a better option is the Power Supply Lock-Down function: this has the same effect of locking the status register settings when the device is active, but each time the device is powered down the status register lock is lifted. This leaves a window open to change the register settings every time the device is powered on before the Power Supply Lock-Down is implemented again.

Enhanced data protection with advanced Flash features

This article has described a number of features of the operation of SpiFlash NOR Flash memories from Winbond which may be used to protect critical data. These protection features help designers to avoid the risk that their system will be disabled because of bit errors caused by noise, or because a host SoC mistakenly overwrites critical data.

The range of options for protecting data, and for locking the protection settings, is not necessarily well known even by long-standing users of NOR Flash memory devices. System designers can take advantage of them to improve the reliability of their products’ field operation, simply by using the full array of register settings provided by Winbond in SpiFlash NOR Flash devices.
