SLUUCY8 December 2023 BQ77307
The BQ77307 device includes two security modes: SEALED and FULLACCESS, which can be used to limit the ability to view or change settings.
In SEALED mode, most data and status can be read using commands and subcommands, but only selected settings can be changed. Data memory settings cannot be read or changed directly.
FULLACCESS mode includes SEALED mode functionality, adds the ability to execute additional subcommands, and provides capability to read and modify all device settings.
Selected settings in the device can be modified while the device is in operation through supported commands and subcommands, but in order to modify all settings, the device must enter CONFIG_UPDATE mode, which stops device operation while settings are being updated. After the update is completed, device operation is restarted using the new settings. CONFIG_UPDATE mode is only available in FULLACCESS mode.
The BQ77307 device implements a key-access scheme to move from SEALED to FULLACCESS mode. A unique set of keys must be sent to the device through the subcommand address (0x3E and 0x3F). The keys must be sent consecutively to 0x3E and 0x3F, with no other data written between the keys. Do not set the two keys to identical values, and it is recommended to not use keys which are identical to subcommand addresses. When in SEALED mode, the 0x12 Battery Status()[SEC1, SEC0] bits are set to [1, 1]. When the FULLACCESS keys are correctly received by the device, the bits are set to [0, 1]. The state [0, 0] is not valid and only indicates that the state has not yet been loaded. The state [1, 0] is also not valid.
The FULLACCESS keys are stored in data memory in Security:Full Access Key Step 1 and Security:Keys:Full Access Key Step 2. The access keys are changed during operation using the 0x0035 SECURITY_KEYS() subcommand. This subcommand allows the two key words (4 bytes) to be read and written. Each word is sent in little endian order using this subcommand.
When the codes are used by writing them to 0x3E and 0x3F, they must be sent in little endian order. For example, if 0x1234 and 0x5678 are written as the FULLACCESS codes to 0x0035 SECURITY_KEYS(), then unsealing requires writing 0x34 and 0x12 to 0x3E and 0x3F, followed by writing 0x78 and 0x56 to 0x3E and 0x3F. The two codes must be written within 5 s of each other to succeed.
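The unseal sequence and key rules described above, as an added host-side example (not TI code): it builds the ordered byte writes for a key pair, refuses key pairs that break the stated rules, and maps the [SEC1, SEC0] bits to a mode. The type and function names are hypothetical, the bus transport is left to the caller, and the caller is assumed to have already extracted the two SEC bits from 0x12 Battery Status().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SUBCMD_LO 0x3E  /* subcommand address, low byte (from the page) */
#define SUBCMD_HI 0x3F  /* subcommand address, high byte (from the page) */

typedef enum { SEC_NOT_LOADED, SEC_FULLACCESS, SEC_INVALID, SEC_SEALED } sec_state_t;
typedef struct { uint8_t reg, val; } reg_write_t;  /* hypothetical helper type */

/* Map Battery Status()[SEC1, SEC0] to a mode. The caller extracts the two bits. */
sec_state_t decode_sec(unsigned sec1, unsigned sec0) {
    if (sec1 && sec0)   return SEC_SEALED;      /* [1, 1] */
    if (!sec1 && sec0)  return SEC_FULLACCESS;  /* [0, 1] */
    if (!sec1 && !sec0) return SEC_NOT_LOADED;  /* [0, 0]: state not yet loaded */
    return SEC_INVALID;                         /* [1, 0]: not valid */
}

/* Key policy: keys must differ; keys equal to a subcommand address are refused.
 * Only the two subcommands named on the page are listed; extend from the TRM. */
int keys_acceptable(uint16_t k1, uint16_t k2) {
    static const uint16_t subcmds[] = { 0x0030 /* SEAL() */, 0x0035 /* SECURITY_KEYS() */ };
    if (k1 == k2) return 0;
    for (size_t i = 0; i < sizeof subcmds / sizeof subcmds[0]; i++)
        if (k1 == subcmds[i] || k2 == subcmds[i]) return 0;
    return 1;
}

/* Fill out[4] with the byte writes, in order, that present both keys.
 * Nothing else may be written between them, and the second key must
 * follow the first within 5 s. Returns 4, or -1 if the keys are refused. */
int build_unseal_writes(uint16_t k1, uint16_t k2, reg_write_t out[4]) {
    const uint16_t keys[2] = { k1, k2 };
    if (!keys_acceptable(k1, k2)) return -1;
    for (int i = 0; i < 2; i++) {
        out[2 * i]     = (reg_write_t){ SUBCMD_LO, (uint8_t)(keys[i] & 0xFF) };  /* LSB first */
        out[2 * i + 1] = (reg_write_t){ SUBCMD_HI, (uint8_t)(keys[i] >> 8) };
    }
    return 4;
}

int main(void) {
    reg_write_t w[4];
    if (build_unseal_writes(0x1234, 0x5678, w) == 4)  /* key values from the page's example */
        for (int i = 0; i < 4; i++)
            printf("write 0x%02X -> reg 0x%02X\n", (unsigned)w[i].val, (unsigned)w[i].reg);
    return 0;
}
```

Rejecting keys that match a subcommand address is stricter than the text, which only recommends against them.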
To read the keys (only available in FULLACCESS mode, assume for example the keys are 0x1234 0x5678):
To write the keys (only available in FULLACCESS mode):
To set the device into SEALED mode when initially powering up, the Security:Security Settings[SEAL] configuration bit must be programmed into OTP. During operation, a device in FULLACCESS mode can be put into SEALED mode by sending the 0x0030 SEAL() subcommand.
The BQ77307 device includes additional means to limit further modification of device settings. If the Security:Security Settings[LOCK_CFG] configuration bit is set, the data memory settings can no longer be modified when the device exits CONFIG_UPDATE mode. If the Security:Security Settings[PERM_SEAL] bit is set, the device cannot be unsealed after it has been sealed. If these bits are not set in OTP, the settings are lost on a full reset and the device is again able to unseal and modify data memory.
The catalog, uncustomized BQ77307 device is by default in FULLACCESS mode, so all settings can be configured in registers by the customer. If a customized, preprogrammed device is developed by TI, and the device is intended to only be used in standalone mode, then it can be preprogrammed with the Security:Security Settings[PERM_SEAL] bit set, such that settings can never be changed. If instead the customer wants the option to change settings on their production line or in the field, then the customer can use custom preprogrammed security keys to unseal the device, make changes, and then reseal the device.