SPECIFICATION CAN ISP In-system Programming Products - CAN Protocol Stack for C51 1. Introduction 1.1. Overview This document describes the CAN Protocol used to program the Flash code memory of the T89C51CCxx family of microcontrollers from Atmel Wireless & Microcontrollers. This protocol is implemented in the on-chip bootloader and can be implemented by any user with any CAN PC board. Atmel Wireless & Microcontrollers provides a software "FLIP" which can be downloaded from Atmel - Wireless & Microcontrollers website (http://www.atmel-wm.com). This software manages all devices and protocols supported by Atmel Microcontrollers and to support this protocole a CAN board must be added to the FLIP. 1.2. Acronyms ISP: In-System Programming CAN: Controller Area Network (BOSCH Standard) SBV: Software Boot Vector BSB: Boot Status Byte NNB: Node Number Byte SSB: Software Security Bit EB: Extra Byte API: Application Program Interface FLIP: FLexible In-system Programmer CRIS: CAN Relocatable Identifier Segment Rev 1.0 - 17 May 2001 1 Preliminary SPECIFICATION CAN ISP 1.3. Description of The Uses * First use: When you first receive the chip, only the on-chip bootloader with default values are available. The default baudrate is 500 kbytes for an oscillator frequency of 12 MHz. This configuration allows you to download software using the ATMEL C51 Demo board with the CAN board extension. Default CAN identifier messages are used to manage this protocol and the value FFh is assigned to NNB. Note that by ISP all identifiers can be changed as well as CAN configuration and NNB. RS232 Interface board between PC and CAN network Host Cristal 12 MHZ C51 DEMO BOARD T89C51CC01 CAN BOARD EXTENSION Figure 1. Point to point connection * Configuration by user: * NNB: The NNB allow to allocate an numer for each node. * CRIS: To redifine new value for CAN identifier * CAN bit timming Note that all nodes connected to the CAN network must be assigned a unique NNB value. After this init you can use ISP directly on a network. NNB = 01h Node 1 Interface board between PC and CAN network Host NNB = 02h Node 2 NNB = 03h Node 3 NNB = n Node n Figure 2. Network connection 2 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2. Protocol Description 2.1. Physical Layer The CAN used to transmit information over the CAN line has the following default configuration: * Standard Frame: identifier 11-bit * Baudrate: 500kbit/s: BTC_1 = 00h BTC_2 = 04h BTC_3 = 36h for an oscillator frequency of 12 MHz. 2.2. Frame Description The Figure 3 shows resume overview of CAN frame. Identifier 11-bit Control 1 byte Data 8 bytes max Figure 3. CAN frame description * Identifier: Identifier identifies the frame (or message). This field has a 11-bit length in standard mode. * Control: Control contains the DLC information (number of data in Data field) 4-bit. * Data: Data field consists of zero to eight bytes. The interpretation within the frame depends on the Identifier field. The CAN Protocol manage directly by hardware a checksum and an acknowledge. Note: For describe the ISP CAN Protocol, we use Symbolic name for Identifier, but defaults value are given Table 2.3. Rev 1.0 - 17 May 2001 3 Preliminary SPECIFICATION CAN ISP 2.3. Command Description To manage this protocole we defined several CAN message identifiers. On the first used default value are defined but the user can change the start address of the package of these identifier writing a value in CRIS byte. Identifier ID_SELECT_NODE ID_PROG_START ID_PROG_DATA Command Effect Default Value Open/Close a communication with a node 00h Start a flash programming 01h Data for flash programming 02h Display data 03h ID_WRITE_COMMAND Write in XAF, or Hardware Byte 04h ID_READ_COMMAND Read from XAF or Hardware Byte and special data 05h Error message from bootloader only 06h ID_DISPLAY_DATA ID_ERROR Table 1. CAN message Identifiers It is possible to allocate new value for CAN ISP identifiers by writing the byte CRIS with the base value for the group of identifier (see Figure 4). The maximum value for CRIS is 3Fh CAN Identifiers 3FFh CAN ISP identifiers ID_error ID_read_command ID_write_command ID_display_data ID_prog_data ID_prog_start ID_select_node group of 7CAN messages used for manage CAN ISP [CRIS]0h 000h Figure 4. CRIS functionality 4 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2.3.1. ID_SELECT_NODE This frame allows to open or close a communication between the Host and the node target. On answer of this frame, the bootloader version is returned. 1. Request from Host Identifier Length data[0] ID_SELECT_NODE 1 num_node * The value pasted in data[0] is the node number in the network This node number is stored in NNB (Node Number Byte). 2. Answer from Target Identifier ID_SELECT_NODE Length data[0] 2 boot_version data[1] Comment 00h Communication close 01h Communication open * data[0] contains the bootloader version. If the communication is closed then all the others messages won't be managed by bootloader. Rev 1.0 - 17 May 2001 5 Preliminary SPECIFICATION CAN ISP 2.3.2. ID_PROG_START This frame initialize the flash programming. 1. Request from Host Identifier Length ID_PROG_START 5 data[0] 00h 01h data[1] data[2] address_start data[3] data[4] address_end * The value pasted in data[0] give if the programing request is on the flash area or on EEPROM data area: - 00h: Init Flash Programing - 01h: Init EEPROM data Programing * The values pasted by address_start give the start address to programming command. * The values pasted by address_end give the last address of the programming command. 1. Answer from Targett Identifier Length ID_PROG_START 0 The target answer with none data to acknoledge the request from Host. Only after received answer the host can start to send data to write in user Flash. 6 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2.3.3. ID_PROG_DATA This frame allows to send data to program in Flash or EEPROM data memory. 1. Request from Host Identifier Length data ID_PROG_DATA n data * This frame has a variable length up to 8 data byte. 2. Answer from Target Identifier ID_PROG_DATA Length 1 data[0] Comment 00h Command ok 01h Command fail 02h Command new data Rev 1.0 - 17 May 2001 7 Preliminary SPECIFICATION CAN ISP 2.3.4. ID_DISPLAY_DATA This frame allows to read the contain of the flash or EEPROM data memory (dump memories) or perform a blank check. 1. Request from Host Identifier Length ID_DISPLAY_DATA 5 data[0] data[1] data[2] data[3] data[4] 00h 01h start_address end_address 02h * The value pasted in data[0] give if is a display frame or Blank check frame: - 00h: Flash Data Display - 01h: Blank check - 02h: EEPROM Data Display * The values pasted by add_start_high and add_start_low give the start address bloc to read. * The values pasted by add_end_high and add_end_low give the last address of the bloc. NOTE: After an ID_DISPLAY_DATA request message we need have ID_DISPLAY_DATA messages from the target. 2. Answer from Target for a display request This frame has a variable length up to 8 datas. Identifier Length datas ID_DISPLAY_DATA n (1-8) datas Comment Display command ok 3. Answer from Target for a Blank check request For an answer of Blank Check, return the first not blank address else return no data. Identifier ID_DISPLAY_DATA Length data[0] data[1] 0 Not used Not used Blank Check OK 2 add_start_high add_start_low Blank Check KO 8 Comment Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2.3.5. ID_WRITE_COMMAND This command allows to write a byte in a specific array. 1. Request from Host Identifier Length 2 data[0] data[1] 00h data[2] data[3] 00h Erase block0 (0k to 8k) 20h Erase block1 (8k to 16k) Not used 40h Not used FFh ID_WRITE_COMMAND 3 01h 00h Write Value in BSB 01h Write Value in SBV 05h Write Value in SSB 06h Write Value in EB 1Ch 2 4 02h 03h Erase block2 (16k o 32k) Full Chip Erase Value Not used 1Dh 3 Comment Write BTC_1 Write BTC_2 1Eh Write BTC_3 1Fh Write NNB 20h Write CRIS 00h Value Not used Write Value Byte(Fuse) 00h Not used Not used Hardware Reset 01h address Hardware LJMP address 2. Answer from Target Identifier Length data[0] ID_WRITE_COMMAND 0 00h Rev 1.0 - 17 May 2001 Comment command ok 9 Preliminary SPECIFICATION CAN ISP 2.3.6. ID_READ_COMMAND This command allows to read a byte in a specific array. 1. Request from Host Identifier Length data[0] 2 00h data[1] ID_READ_COMMAND 2 01h 1 02h Comment 00h Read Bootloader Version 01h Read Device boot ID1 02h Read Device boot ID2 00h Read BSB 01h Read SBV 05h Read SSB 06h Read EB 1Ch Read BTC_1 1Dh Read BTC_2 1Eh Read BTC_3 1Fh Read NNB 20h Read CRIS 30h Read Manufacturer Code 31h Read Family Code 60h Read Product Name 61h Read Product Revision 00h Read Hardware Byte (Fuse) 2. Answer from Target Identifier Length data[0] ID_READ_COMMAND 1 Value The Value corresponds at the specific read function send just before. 10 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2.3.7. ID_ERROR This frame is only sent by the Target. Identifier Length data[0] Description ID_ERROR 1 00h Software Security Error * Software Security Error, when the Host wants executed a command protected by SSB the target return this message. Rev 1.0 - 17 May 2001 11 Preliminary SPECIFICATION CAN ISP 2.4. Resume of Frames From Host Identifier length data[0] data[1] data[2] data[3] data[4] Description Id_select_node 1 num_node - - - - Open / Close communication Id_prog_start 5 Id_prog_data n 00h 01h start_address Init Flash programming end_address Init EEPROM programming data[0:8] Data to program 00h Id_display_data 5 01h Display Flash Data start_address end_address Blank Check in Flash 02h 2 Id_write_command 3 00h 01h Display EEPROM Data 00h - - - Erase block0 (0k to 8k) 20h - - - Erase block1 (8k to 16k) 40h - - - Erase block2 (16k to 32k) FFh - - - Full chip Erase 00h - - Write value in BSB 01h - - Write value in SBV 05h - - Write value in SSB 06h - - Write value in EB - - Write BTC_1 - - Write BTC_2 1Ch value 1Dh 1Eh - - Write BTC_3 1Fh - - Write NNB 20h 3 2 4 2 02h 03h 00h Id_read_command 2 2 01h 02h 00h value 00h - 01h - - Write CRIS - - Write value in Fuse (HWB) address - Hardware Reset - LJMP address 00h - - - Read Bootloader Version 01h - - - Read Device boot ID1 02h - - - Read Device boot ID2 00h - - - Read BSB 01h - - - Read SBV 05h - - - Read SSB 06h - - - Read EB 30h - - - Read Manufacturer Code 31h - - - Read Family Code 60h - - - Read Product Name 61h - - - Read Product Revision 1Ch - - - Read BTC_1 1Dh - - - Read BTC_2 1Eh - - - Read BTC_3 1Fh - - - Read NNB 20h - - - Read CRIS 00h - - - Read HWB 12 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 2.5. Resume of Frames From Target (Bootloader) Identifier length data[0] data[1] data[2] data[3] data[4] Description Id_select_node 2 Boot version com open or close - - - Open/close communication 00h - - - - Command ok 01h - - - - Command fail 02h - - - - Command New Data Id_prog_data 1 n Id_display_data n data (n = 0 to 8) Blank Check ok 2 address not blank 1 00h Id_read_command 1 Value Id_error 1 00h Id_write_command Data read 0 Blank Check fail - - - - Rev 1.0 - 17 May 2001 - - Command ok - - Read Value - - Software Security Error 13 Preliminary SPECIFICATION CAN ISP 3. Functionality Description 3.1. Software Security Bit (SSB) The Software Security Bits are protected for all Api's access from ISP. The command "Program Software Security Bit" can only write a higher priority level. There are three levels of security: * level 0: NO_SECURITY (FFh) This is the default level. From level 0, one can write level 1 or level 2. * level 1: WRITE_SECURITY (FEh) For this level it is impossible to write in the Flash memory, BSB and SBV. The Bootloader returns ID_ERROR message. From level 1, one can write only level 2. * level 2: RD_WR_SECURITY (FCh) The level 2 forbids all read and write accesses to/from the Flash memory. The Bootloader returns ID_ERROR message. Only a full chip erase in parallel mode (using a programmer) or ISP command can reset the software security bits. From level 2, one cannot read and write anything. Level 0 Level 1 Level 2 Flash/EEPROM Any access allowed Read only access allowed Any access not allowed Fuse bit Any access allowed Read only access allowed Any access not allowed BSB & SBV & EB Any access allowed Read only access allowed Any access not allowed SSB Any access allowed Write level2 allowed Read only access allowed Manufacturer info Read only access allowed Read only access allowed Read only access allowed Bootloader info Read only access allowed Read only access allowed Read only access allowed Erase bloc Allowed Not allowed Not allowed Full chip erase Allowed Allowed Allowed Blank Check Allowed Allowed Allowed Table 2. Protected Level 3.2. Full Chip Erase The ISP command "Full Chip Erase" erases all flash memory (fills with FFh) and sets somes bytes used by the bootloader at their default values: * * * * BSB = FFh SBV = FFh EB = FFh SSB = FFh 14 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 4. Flow Description 4.1. Communication initialization The initialization allows the bootloader to open (or closed) the communication with the target selected. If the node number pasted in parameter is egal to FFh then the bootloader accept the communication. Bootloader Host Id_select_node message Send Select Node message with node number in parameter Wait Select Node OR node select = FFh node select = local node number Timeout 10 ms state com = com open COMMAND ABORTED State com = com open State com = com closed Read Bootloader Version Id_select_node message Wait Select Node Send Bootloader Version and state of communication COMMAND FINISHED COMMAND FINISHED Example: identifier HOST BOOTLOADER Id_select_node Id_select_node lenght 01 02 data FF 01 01 Rev 1.0 - 17 May 2001 15 Preliminary SPECIFICATION CAN ISP 4.2. Program Flash Memory . Bootloader Host Send prog_start message with addresses Id_prog_start message Wait Prog start OR not Level 0 Id_error message Wait ERROR Send ERROR COMMAND ABORTED Wait ProgStart Send prog_data message with 8 datas Id_prog_start message Send ProgStart Id_prog_data message Wait Data prog Column Latch Full All bytes received Wait Programming All bytes received OR Wait COMMAND_N Wait COMMAND_OK Id_prog_data message Send COMMAND_NEW_DATA Id_prog_data message Send COMMAND_OK COMMAND FINISHED COMMAND FINISHED Example: Progamming Data (write 55h from 0000h to 0008h in the flash) identifier control data HOST BOOTLOADER Id_prog_start Id_prog_start 05 00 00 00 00 00 HOST BOOTLOADER HOST BOOTLOADER Id_prog_data Id_prog_data Id_prog_data Id_prog_data 08 01 01 01 55 02 55 00 55 55 55 55 08 55 55 55 // command_new_data // command_ok Progamming Data (write 55h from 0000h to 0008h in the flash), with SSB in write security identifier HOST BOOTLOADER Id_prog_start Id_error control 04 01 data 00 00 00 08 00 // error_security 16 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 4.3. Display Data or Blank Check of Flash Memory Bootloader Host Id_display_data message Send display_data message with addresses or blank check Wait Display Data OR Level2 Id_error message Wait ERROR Send ERROR COMMAND ABORTED Blank command Read Data All datas read nb max by frame OR Wait Data Display Id_display_data message Send DATA Read Verify memory All datas read All datas read COMMAND FINISHED COMMAND FINISHED Blank Check OR Id_display_data message Wait COMMAND_KO Send COMMAND_KO COMMAND FINISHED Wait COMMAND_OK Id_display_data message Send COMMAND_OK COMMAND FINISHED Example: Display Data (from 0000h to 0008h) HOST BOOTLOADER BOOTLOADER identifier control Id_display_data Id_display_data Id_display_data 05 08 01 identifier control Id_display_data Id_display_data 05 00 datas 00 55 55 00 55 00 00 08 55 55 55 55 55 55 Blank Check HOST BOOTLOADER datas 01 00 00 00 08 // Command ok Rev 1.0 - 17 May 2001 17 Preliminary SPECIFICATION CAN ISP 4.4. Write command Bootloader Host Id_write_com message Send Write_Command Wait Write_Command OR NO_SECURITY Wait ERROR_SECURITY Id_error message Send ERROR_SECURITY COMMAND ABORTED Write Data Id_write_com message Wait COMMAND_OK Send COMMAND_OK COMMAND FINISHED COMMAND FINISHED Example: Full Chip Erase identifier control Id_write_command Id_write_command 02 01 identifier control HOST Id_write_command 03 01 00 BOOTLOADER Id_write_command 01 00 // command_ok HOST BOOTLOADER datas 00 00 FF // command_ok Write BSB at 88h datas 88 Write Fuse bit at Fxh datas identifier control HOST Id_write_command 02 02 F0 BOOTLOADER Id_write_command 01 00 // command_ok 18 Rev 1.0 - 17 May 2001 Preliminary SPECIFICATION CAN ISP 4.5. Read Command Bootloader Host Id_read_com message Send read_com message Wait Read_Com OR RD_WR_SECURITY Wait ERROR_SECURITY Id_error message Send ERROR_SECURITY COMMAND ABORTED Read Data Id_read_com message Wait Value of data Send Data read COMMAND FINISHED COMMAND FINISHED Example: Read Bootloader Version identifier HOST BOOTLOADER control datas Id_read_command Id_read_command 02 01 00 55 identifier control HOST Id_read_command 02 01 01 BOOTLOADER Id_read_command 01 F5 // SBV = F5h identifier control HOST Id_read_command 01 02 BOOTLOADER Id_read_command 01 F0 00 // Bootloader version 55h Read SBV datas Read Fuse bit datas Rev 1.0 - 17 May 2001 // Fuse bit = F0h 19 Preliminary SPECIFICATION CAN ISP 5. References [1] Datasheet T89C51CC01 Atmel Wireless&uc 20 Rev 1.0 - 17 May 2001 Preliminary VALIDATION All the tables above describe sequential test for validate the CAN Protocol. State_test defined the test number. 6. XAF access and protection State_test Action Expected Result COMMAND_OK Comment 0 Full Chip Erase 1 Write BSB = 55h COMMAND_OK 2 Read BSB BSB = 55h 3 Write SBV = 55h COMMAND_OK 4 Read SBV SBV = 55h 5 Write EB = 55h COMMAND_OK 6 Read EB EB = 55h 7 Write SSB = level1 COMMAND_OK 8 Read SSB SSB = level1 9 Write BSB = AAh ERROR_SECURITY 10 Read BSB BSB = 55h 11 Write SBV = AAh ERROR_SECURITY 12 Read SBV SBV = 55h 13 Write EB = AAh ERROR_SECURITY 14 Read EB EB = 55h 15 Write SSB = level2 COMMAND_OK 16 Read SSB SSB = level2 17 Write BSB = 00h ERROR_SECURITY Can not write BSB 18 Read BSB ERROR_SECURITY Can not read BSB 19 Write SBV = 00h ERROR_SECURITY Can not write SBV 20 Read SBV ERROR_SECURITY Can not read SBV 21 Write EB = 00h ERROR_SECURITY Can not write EB 22 Read EB ERROR_SECURITY Can not read EB 23 Write SSB = level1 ERROR_SECURITY Can not write SSB 24 Read SSB SSB = level2 25 Full Chip Erase COMMAND_OK 26 Read BSB BSB = FFh 27 Read SBV SBV = FFh 28 Read EB EB = FFh 29 Read SSB SSB = level0 Rev 1.0 - 15 Jan 2001 Erase all Flash, BSB, SBV, EB and SSB Level1 Read only for Flash, XAF and Fuse. Can not write BSB Can not write SBV Can not write EB Level2 Read and Write access forbidden Erase all Flash, BSB, SBV, EB and SSB 21 Preliminary VALIDATION 7. Flash access and protection State_test Action Expected Result Comment 0 Full Chip Erase COMMAND_OK 1 Write 55h from start_add = 0000h to end_add = 7FFFh Erase all Flash, BSB, SBV, EB and SSB COMMAND_OK 2 Read from start_add = 0000h to end_add = 7FFFh All Flash = 55h 3 Full Chip Erase COMMAND_OK 4 Write AAh at 5555h COMMAND_OK 5 Read at 0x5555h Value = AAh 6 Blank Check not ok at address 5555h Return the address of the first byte not erased 7 Full Chip Erase COMMAND_OK Erase all Flash, BSB, SBV, EB and SSB 8 Blank Check COMMAND_OK 9 Write SSB = level1 COMMAND_OK 10 Read SSB SSB = level1 11 Write AAh at 5555h ERROR_SECURITY 12 Read at 5555h Value = FFh 13 Write SSB = level2 COMMAND_OK 14 Read SSB SSB = level2 15 Write AAh at 5555h ERROR_SECURITY 16 Read at 5555h ERROR_SECURITY 17 Full Chip Erase COMMAND_OK 18 Write 55h from start_add = 0000h to end_add = 7FFFh COMMAND_OK 19 Read from start_add = 0000h to end_add = 7FFFh All Flash = 55h 20 Erase Block0 COMMAND_OK Erase Flash between 0000h - 1FFFh 21 Blank Check not ok at address 2000h Return the address of the first byte not erased 22 Erase Block1 COMMAND_OK Erase Flash between 2000h - 3FFFh Erase all Flash, BSB, SBV, EB and SSB Level1 Read only for Flash, XAF and Fuse. Level2 Read and Write acces forbidden Erase all Flash, BSB, SBV, EB and SSB 23 Blank Check not ok at address 4000h Return the address of the first byte not erased 24 Erase Block2 COMMAND_OK Erase Flash between 4000h - 7FFFh 25 Blank Check COMMAND_OK 22 Rev 1.0 - 15 Jan 2001 Preliminary VALIDATION 8. Eeprom Data access and protection State_test Action Expected Result 0 Full Chip Erase COMMAND_OK 1 Write AAh in EEPROM from start_add = 0000h to end_add = 7FFh COMMAND_OK 2 Read EEPROM from start_add = 0000h to end_add = 7FFh All EEPROM = AAh 3 Full Chip Erase COMMAND_OK 4 Read EEPROM from start_add = 0000h to end_add = 7FFh All EEPROM = AAh 5 Write SSB = level1 COMMAND_OK 6 Read SSB SSB = level1 7 Write in EEPROM 00h at 555h ERROR_SECURITY 8 Read EEPROM at 5555h Value = AAh 9 Write SSB = level2 COMMAND_OK 10 Read SSB SSB = level2 11 Write in EEPROM 00h at 555h ERROR_SECURITY 12 Read EEPROM at 555h ERROR_SECURITY 13 Full Chip Erase COMMAND_OK 14 Write 00h in EEPROM from start_add = 0000h to end_add = 7FFh COMMAND_OK 15 Read EEPROM from start_add = 0000h to end_add = 7FFh All Flash = 00h Rev 1.0 - 15 Jan 2001 Comment Erase all Flash, BSB, SBV, EB and SSB Erase all Flash, BSB, SBV, EB and SSB Level1 Read only for Flash, EEPROM, XAF and Fuse. Level2 Read and Write acces forbidden Erase all Flash, BSB, SBV, EB and SSB 23 Preliminary VALIDATION 9. Fuse access and protection State_test Action Expected Result Comment 0 Full Chip Erase COMMAND_OK Erase all Flash, BSB, SBV, EB and SSB 1 Write Fuse = FFh COMMAND_OK Only the four msb of byte can be write by software 2 Read Fuse Fuse = FFh 3 Write Fuse = 0Fh COMMAND_OK 4 Read Fuse Fuse = 0Fh 5 Write SSB = level1 COMMAND_OK 6 Read SSB SSB = level1 7 Write Fuse = 5Fh ERROR_SECURITY 8 Read Fuse Fuse = 0Fh 9 Write SSB = level2 COMMAND_OK 10 Read SSB SSB = level2 11 Write Fuse = 5Fh ERROR_SECURITY 12 Read Fuse ERROR_SECURITY 13 Full Chip Erase COMMAND_OK Erase all Flash, BSB, SBV, EB and SSB 14 Read Fuse Fuse = 0Fh The Fuse are not reseted by fullchip erase 15 Write Fuse = 5Fh COMMAND_OK 16 Read Fuse Fuse = 5Fh 24 Only the four msb of byte can be write by software Level1 Read only for Flash, XAF and Fuse. Level2 Read and Write acces forbidden Rev 1.0 - 15 Jan 2001 Preliminary VALIDATION 10. Specific Informations State_test Action 0 Full Chip Erase 1 Read Bootloader version 2 Read Device boot ID1 3 Read Device boot ID2 4 Read Manufacturer code 5 Read Family code 6 Read Product Name 7 Read Product Revision 8 Write SSB = level2 Expected Result Comment COMMAND_OK Erase all Flash, BSB, SBV, EB and SSB COMMAND_OK Level2 Read and Write acces forbidden 9 Read SSB SSB = level2 10 Read Bootloader version ERROR_SECURITY 11 Read Device boot ID1 ERROR_SECURITY 12 Read Device boot ID2 ERROR_SECURITY 13 Read Manufacturer code ERROR_SECURITY 14 Read Family code ERROR_SECURITY 15 Read Product Name ERROR_SECURITY 16 Read Product Revision ERROR_SECURITY 17 Full Chip Erase COMMAND_OK Rev 1.0 - 15 Jan 2001 Erase all Flash, BSB, SBV, EB and SSB 25 Preliminary VALIDATION 11. CAN functionality This test must be perform with the starter kit and the default value in the chip for CAN bit timing and CRIS byte and NNB. 1. Open 500 kbit/s communication with node_number = FFh . . . => OK 2. Write new Bit Timing to have 100Kbit/s . . . . . . . . . . . . . => OK BTC_1 = 0Ah BTC_2 = 02h BTC_3 = 26h 3. Write NNB = 01h . . . . . . . . . . . . . . . . . . . . . . . . . => OK 4. Write CRIS = 10h . . . . . . . . . . . . . . . . . . . . . . . . . => OK 5. Perform a RESET 6. Adapt the CRIS value on FLIP 7. Open 100 kbit/s communication with node_number = 02h . . . => No answer 8. Open 100 kbit/s communication with node_number = 01h . . . => OK 9. Perform a RESE 10. Open 500kbit/s communiation with node_number = FFh . . . . => OK NOTE: Some Error will occur on the CAN bus before load the default bit timing configuration. 26 Rev 1.0 - 15 Jan 2001 Preliminary