E AP-657

APPLICATION
NOTE

Designing with the

Advanced+ Boot Block
Flash Memory Architecture

December 1998

Order Number: 292215-003

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or
otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel’s Terms and Conditions of
Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to
sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or
infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life
saving, or life sustaining applications.

Intel may make changes to specifications and product descriptions at any time, without notice.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be
obtained from:

Intel Corporation
P.O. Box 5937
Denver, CO 80217-9808

or call 1-800-858-4725
or visit Intel’s Website at http://www.intel.com

COPYRIGHT © INTEL CORPORATION, 1998

*Third-party brands and names are the property of their respective owners.
CG-041493
E CONTENTS
AP-657

PAGE PAGE

1.0 INTRODUCTION .............................................5 3.2 Using the Protection Register .....................10

1.1 New Advanced+ Boot Block Features ..........5 3.2.1 Reading the Protection Register ..........11
3.2.2 Programming the Protection Register ..11
2.0 INSTANT INDIVIDUAL BLOCK LOCKING .....5
3.2.3 Locking the Protection Register ...........11
2.1 Taking Advantage of Locking .......................5
2.1.1 Real-Time Code/Data Protection ...........5 4.0 IMPROVED 12 V PRODUCTION
2.1.2 Boot Code Flexibility..............................5 PROGRAMMING ..........................................11
2.2 Locking Operation ........................................6 4.1 Suggested Supply Configurations ..............12
2.2.1 Locked State (state [001] or [101]) ........6 4.1.1 12 V Fast Programming with Full Device
Protection ...........................................12
2.2.2 Unlocked State (state [000], [100], or
[110])....................................................6 4.1.2 12 V Fast Programming without Device
Protection ...........................................12
2.2.3 Lock-Down State ...................................8
4.1.3 Low-Voltage Programming with
2.2.4 Locked-Lock-Down State.......................8 Switchable Device Protection .............12
2.2.5 Reading A Block’s Lock Status ..............8 4.1.4 Single Supply.......................................12
2.2.6 Locking Operations During Erase
Suspend...............................................8 5.0 COMMON FLASH INTERFACE (CFI) ...........14
2.2.7 Status Register Error Checking .............8 5.1 CFI Benefits ...............................................14
5.1.1 Using CFI for Upgrading ......................14
3.0 128-BIT PROTECTION REGISTER ................9
5.1.2 Using CFI for Second Sources ............14
3.1 Taking Advantage of the Protection
Register.......................................................9 5.2 Accessing CFI in the Advanced+
Boot Block .................................................14
3.1.1 Guaranteeing Authenticity (Security) .....9
3.1.2 Storing Equipment Identifiers 6.0 CONCLUSION.............................................14
(Security)............................................10
3.1.3 Detecting Identifier Changes (Security)10 APPENDIX A: Additional Information ...............15
3.1.4 Linking Physical Components APPENDIX B: Diode/Resistor Requirements for
(Security)............................................10 Improved 12 V Production Programming
3.1.5 Platform Configuration (Manufacturing Configurations.............................................16
Simplification).....................................10
3.1.6 Storing Manufacturing Process
Information (Manufacturing
Simplification).....................................10
3.1.7 Determining Upgrade Privileges
(System Maintenance Simplification)..10
3.1.8 Equipment Registration (System
Maintenance Simplification)................10

3
AP-657 E
REVISION HISTORY
Date of Version Description
Revision
05/12/98 -001 Original version
05/12/98 -002 Section 2.2.5, corrected erroneous reference to Appendix B.
Section 3.1.6, Changed section title from Locking Manufacturing Process
Information to Storing Manufacturing Process Information.
Section 3.2.1, Added reference to datasheets for information regarding
protection register addressing.
Table 6, corrected erroneous reference to Appendix C.
12/01/98 -003 Major wording revision
Added application examples for Instant Individual Block Locking and 128-
bit Protection Register
Added figure, Instant Individual Block Locking State Table.

4
E AP-657
1.0 INTRODUCTION
The new Advanced+ Boot Block flash memory family
(C3/C2) from Intel offers a number of features that
enable applications to integrate security as well as
simplify software and hardware configurations. This
application note discusses how to take full advantage of
the new Advanced+ Boot Block features.
1.1 New Advanced+ Boot Block
Features
The C3/C2 family adds the following new features to
Intel® Advanced Boot Block (B3) architecture:
• Instant, individual block locking provides
software/hardware controlled, independent locking/
unlocking of any block with zero latency to protect
code and data.
• A 128-bit Protection Register enables system
security schemes
• Improved 12 V production programming simplifies
the system configuration required to implement 12 V
fast programming
• Common Flash Interface (CFI) provides component
information on the chip to allow software-
independent device upgrades
The following sections detail each new feature along
with ideas and suggestions for implementing them in
system designs.
2.0 INSTANT INDIVIDUAL BLOCK
LOCKING
Intel® C3/C2 products offer a block locking scheme that
allows any block to be locked or unlocked with no
latency, enabling instant code and data protection.
This locking scheme offers two levels of protection. The
first level allows software-only control of block locking
(useful for data blocks that change frequently), while the
second level requires appropriate voltages on WP# to
control locking (useful for code blocks that change
infrequently).
The following sections will discuss the operation of the
locking system and how to take full advantage of it in
typical system situations. The term “state [XYZ]” will
be used to specify locking states; e.g., “state [001],”
where X = value of WP#, Y = bit DQ1 of the Block
Lock status register, and Z = bit DQ0 of the Block Lock
status register. Figure 1 defines all of these possible
locking states.
2.1 Taking Advantage of Locking
This block locking scheme has two characteristics that
distinguish it from prior locking schemes:
1. Locking occurs instantaneously. Immediately upon
completion of the two-cycle command, the selected
block lock change is implemented with no latency.
2. Blocks may be individually locked. Each block
may be independently locked or unlocked.
These locking features enable sophisticated applications
that can store updateable code and rich data types in the
flash without compromising system performance or
integrity.
2.1.1 REAL-TIME CODE/DATA
PROTECTION
The new block locking scheme is optimized to be used
in real-time code/data applications. For example, data
blocks may be locked or unlocked, without latency,
through software commands alone while code blocks
may be protected via both hardware and software
commands.
In this example application, data blocks are updated
through the following sequence:
• Command issued to unlock the block
• Data written
• Command issued to lock the block again
Code blocks are updated through the following
sequence:
• Set WP# pin = high
• Command issued to unlock the block
• Data written
• Command issued to lock the block
• WP# lowered to GND for complete block protection
5
AP-657
2.1.2 BOOT CODE FLEXIBILITY
The new locking scheme also allows boot code location
and size flexibility. For example, if the boot code is
required to be located in block 3, block 3 may be
configured for hardware/software protection. The size of
the boot area may also be increased by locking more
than one block.
2.2 Locking Operation
Figure 1 illustrates how the locking scheme functions.
States, such as locked, unlocked, or lock-down are
described in subsections that follow. Commands are
shown in Table 1. The following outlines its
functionality:
• Regardless of the state of WP#, all blocks power up
in a locked state (state [001] or [101])
If WP# = 0,
• After power up the block may be unlocked (state
[000]), written to, and locked (state [001]) via
software commands.
• A block may be locked-down (state [011]), in which
case that block will no longer be able to be unlocked
and written to via software commands alone.
If WP# = 1,
• After power up the block may be unlocked (state
[100]), written to and locked (state [101]) via
software commands.
6
E
• A block may be put into Locked-Lock-Down (state
[111]) via a software command when WP# = 1. The
block may then be unlocked (state [110]) and put
back in Locked-Lock-Down (state [111]) via
software commands. If WP# is transitioned to 0, the
block will go into Lock-Down (state [011]) if the
block is in either state [111] or [110].
The Locked, Unlocked, Lock-Down, and Locked-Lock-
Down are described in the following sections.
2.2.1 LOCKED STATE (state [001] or [101])
The default status of all blocks upon power-up or reset is
Locked (states [001] or [101]). Locked blocks are fully
protected from alteration. Any program or erase
operations attempted on a locked block will return an
error on bit SR.1 of the status register. Blocks are locked
from the Unlocked State (see below) via the Lock
command (60H/01).
2.2.2 UNLOCKED STATE (state [000], [100],
or [110])
Unlocked blocks (states [000], [100], and [110]) can be
programmed or erased. Blocks are unlocked from the
Locked state or the Locked-Lock-Down state via the
unlock command (60H/D0).
Note that all unlocked blocks return to the Locked state
(state [001] if WP# = 0 and state [101] if WP# = 1) when
the device is reset or powered down.
E AP-657

UNLOCKED LOCKED

D0 01
[000] [001]

Power-Up/
2F Reset Default
WP = 0

2F
[011]

D0 01
[110] [111]

WP = 1 2F
2F Power-Up/
Reset Default

D0 01
[100] [101]

D0 = Unlock Command

01 = Lock Command

2F = Lock-Down Command
2215otp

Figure 1. Instant Individual Block Locking State Table

Table 1. Block Locking Command Bus Definitions

First Bus Cycle Second Bus Cycle
Command Notes Oper Addr Data Oper Addr Data
Lock Block 4 Write X 60H Write BA 01H
Unlock Block 4 Write X 60H Write BA D0H
Lock-Down Block 4 Write X 60H Write BA 2FH
X = Don’t Care PA = Prog Addr BA = Block Addr IA = Identifier Addr. QA = Query Addr.
SRD = Status Reg. Data PD = Prog Data ID = Identifier Data QD = Query Data

7
AP-657

2.2.3 LOCK-DOWN STATE

E
Table 2. Block Lock Status
Item Address Data
Blocks that are in Lock-Down (state [011]) provide an
additional level of protection by requiring a hardware Block Lock Configuration XX002 LOCK
input change before a block can be modified. Once a
block has been locked-down, it cannot be unlocked • Block Is Unlocked DQ0 = 0
with software commands alone (when WP# = 0).
Blocks may be locked down from the [000] or the • Block Is Locked DQ0 = 1
[001] states via the Lock-Down command (60H/2F). • Block Is Locked-Down DQ1 = 1
From the [111] or the [110] state the blocked is placed
in lock-down by changing the state of WP# from a
logic high to a logic low. 2.2.6 LOCKING OPERATIONS DURING
ERASE SUSPEND
Note that Locked-Lock-Down blocks revert to the
Locked state (state [001] if WP# = 0 and state [101] if Changes to block lock status can be performed during
WP# = 1) when the device is reset or powered down. an erase suspend by using the standard locking
command sequences to unlock, lock, or lock-down a
2.2.4 LOCKED-LOCK-DOWN STATE block. This is useful in the case when another block
needs to be updated while an erase operation is in
The Locked-Lock-Down state [111] is an intermediate progress.
state to allow blocks in Lock-Down to be changed via
a combination of hardware and software control. The To change block locking during an erase operation,
Locked-Lock-Down State can be entered by one of first write the Erase Suspend command (B0H), then
three ways: check the status register until it indicates that the
erase operation has been suspended. Next write the
• From the Locked state [101] or the Unlocked state desired lock command sequence to a block and the
[100] via the Lock-Down command lock status will be changed. After completing any
desired lock, read, or program operations, resume the
• From the Unlocked state [110] via the lock erase operation with the Erase Resume command
command (D0H).
• From the Lock-Down state [011] by setting
If a block is locked or in Lock-Down (including
WP# = 1
Locked-Lock-Down) during a suspended erase of the
same block, the locking status bits will be changed
Note that Locked-Lock-Down blocks revert to the
immediately, however, the erase operation will
Locked state (state [001] if WP# = 0 and state [101] if
complete.
WP#=1) when the device is reset or powered down.
Locking operations cannot be performed during a
2.2.5 READING A BLOCK’S LOCK program suspend. Refer to the datasheet for detailed
STATUS information on which commands are valid during
erase suspend.
The lock status of every block can be read by issuing
the Read Configuration command (90H). Subsequent
reads at the second address of each block will output 2.2.7 STATUS REGISTER ERROR
CHECKING
the lock status for that block. The lock status is
represented by the lowest two output pins, DQ0 and
Using nested locking or program command sequences
DQ1. DQ0 indicates the block lock status (See Table
during erase suspend can introduce ambiguity into
X) and is set by the Lock command and cleared by the
status register results.
Unlock command. It is also automatically set when
entering Lock-Down or Locked-Lock-Down. DQ1
indicates Lock-Down status and is set by the Lock-
Down command. It cannot be cleared by software,
only by device reset or power-down.

8
E
Since locking changes are performed using a two- 3.1 Taking Advantage of the
AP-657

cycle command sequence, e.g., 60H followed by 01H Protection Register

to lock a block, following the configuration setup
(60H) with an invalid command will produce a lock
command error (SR.4 and SR.5 will be set to 1) in the
status register. If a lock command error occurs during
an erase suspend, SR.4 and SR.5 will be set to 1, and
will remain at 1 after the erase is resumed. When
erase is complete, any possible error during the erase
cannot be detected via the status register because of
the previous locking command error.
3.0 128-BIT PROTECTION
REGISTER
The Protection Register (PR) is a 128-bit nonvolatile
storage space separate from the main array, which
may be used for a wide array of applications.
The PR is divided into two 64-bit segments. The first
64-bits is programmed and locked at the Intel factory
with a unique 64-bit number. It may not be altered.
The other 64-bit segment, the OEM segment, is left
un-programmed for customer to program as desired.
Once the OEM segment is programmed, it may be
permanently locked to prevent re-programming.
The PR may be used to implement security schemes,
simplify manufacturing, and/or reduce system
maintenance. Security may be implemented by
guaranteeing authenticity over a network, storing
equipment identifier numbers, and linking physical
components. Manufacturing may be simplified by
storing platform configuration information and/or
process information. Lastly, system maintenance may
be simplified by using the PR to store registration
information or upgrade privilege information.
The C3/C2 architecture can save design time and
component count, cost, and space by integrating other
discrete memory functionality into one device.
3.1.1 GUARANTEEING AUTHENTICITY
(Security)
The PR may be used to store a unique number used to
ensure that the application attempting to access a
network is not “foreign.” The host may check this
number against a database to determine access
permission to areas of the network.

Table 3. Summary of Common Locking Operations

To do this operation... ...in this lock state... ...do this:
Update a code or data Unlocked (state [000], No locking changes needed.
block [110] or [100])
Locked (state [001] or 1. Unlock the block (60H/D0H).
[101]) 2. Execute program or erase operation.
3. Relock the block.
Lock-Down (state [111]) 1. Set WP# = 1 to override Lock-Down.
2. Unlock the block (60H/D0H).
3. Execute program or erase operation.
4. Set WP# = 0 to return to Lock-Down.
Protect a data block Unlocked (state [000] or 1. Lock the block (60H/01H).
[100])
Locked (state [001] or No locking changes needed.
[101])
Protect a code block Unlocked (state [000] or 1. Use the Lock-Down command (60H/2FH).
[100]) or Locked (state 2. Set WP# = 0 to return to Lock-Down (if WP# = 1)
[001] or [101])
Lock-Down (state [111]) No locking changes needed
Unlocked state from 1. Set WP# = 0 to return to Lock-Down.
Locked-Lock-Down
(state [110])

9
AP-657
3.1.2 STORING EQUIPMENT IDENTIFIERS
(Security)
Most wireless or networked equipment require a unique
identifier for each unit. For example, each cellular
telephone is assigned an Electronic Serial Number
(ESN) or International Mobile Subscriber Equipment
Identifier (IMEI) that it uses to identify itself to the
network. In addition, addressable set-tops and
networking equipment need to store network addresses.
Currently, this information may be stored in an
EEPROM or flash memory, but this allows the
equipment identifier to be fraudulently changed. By
storing this information in the OEM segment of the PR,
which—once programmed and locked—cannot be
changed, the risk of cloning is reduced by making the
number unalterable.
3.1.3 DETECTING IDENTIFIER CHANGES
(Security)
The PR may also be used to detect if another identifier,
password, key, or section of code in the equipment has
been modified. Thus, an application may be setup to
disable itself when it recognizes that it has been
tampered with.
This may be implemented by using the factory-
programmed unique number to encrypt the identifier,
then storing the result in the OEM segment of the
protection register. The encryption algorithm may be as
simple as performing an XOR, or more sophisticated
public/private key algorithm. By checking if the number
stored in the OEM segment of the PR matches the
expected value from the algorithm, the system can detect
whether the key has been altered.
3.1.4 LINKING PHYSICAL COMPONENTS
(Security)
Equipment identifiers may also be fraudulently changed
by physically changing system components. The PR
may be used to prevent this by linking the specific
physical components in a system.
This requires that other system components, such as an
ASIC, CPU or discrete component also have unique
identifiers. A physical change of components may be
then be detected by implementing a similar algorithm as
outlined in Section 3.1.3.
10
3.1.5 PLATFORM CONFIGURATION
E
(Manufacturing Simplification)
In some cases, a single system design may be configured
to be different end-products in order to take advantage
of volume mass production yet meet various price points
by enabling or disabling features. The OEM segment of
the PR provides an ideal place to store configuration
information because it is permanent. This may be used
in conjunction with a component-linking scheme
(Section 3.1.4) to prevent the flash from being swapped
out.
3.1.6 STORING MANUFACTURING
PROCESS INFORMATION
(Manufacturing Simplification)
During the lifetime of a system, the contents of the flash
may be updated many times, especially in the
production line. In this usage model, the ability to store
manufacturing or configuration information in a non-
volatile, unchangeable memory space such as the PR
becomes very useful.
One usage is to store the time, equipment, and other
manufacturing information in the PR, which is useful for
failure analysis or the debugging purposes.
3.1.7 DETERMINING UPGRADE
PRIVILEGES (System Maintenance
Simplification)
Information stored in the PR may be used to determine
upgrade privileges. For example, a handheld device
logged onto the network may request an upgrade for the
application. The PR could be queried, checked against a
vendor database to determine if the user paid for the
upgrade. This is similar to guaranteeing authenticity (see
Section 3.1.1). However, in this example, the PR is
being used to eliminate the need of manually verifying
the upgrade.
3.1.8 EQUIPMENT REGISTRATION (System
Maintenance Simplification)
The PR may be used to simplify registration processes.
By implementing an algorithm to automatically register
the device upon initialization, the information in the PR
may be sent to the vendor to register the product.
E
3.2 Using the Protection Register
AP-657

The following sections describe the operation for 88H

reading and programming the PR.
4 Words
User Programmed
3.2.1 READING THE PROTECTION 85H
REGISTER
84H
The PR is read in the configuration read mode via the 4 Words
Read Configuration command (90H). Once in this mode, Factory Programmed
read cycles from the appropriate addresses will retrieve
the specified information. (Refer to the appropriate 81H
product datasheet for PR addressing.) To return to read PR Lock
80H
array mode, write the Read Array command (FFH).
0645_05

3.2.2 PROGRAMMING THE PROTECTION NOTE:

REGISTER
The OEM segment of the PR is programmed using the
two-cycle Protection Program command. This 64-bit
number is programmed 16-bits at a time for word-wide
parts. The first write the is the command sequence is the
Protection Program Setup command, C0H. The next
write to the device will latch in address and data and
program the specified location. The allowable addresses
are shown in the datasheet.
Any attempt to address Protection Program commands
outside the defined PR address space will result in a
status register error (program error bit SR.4 will be set to
1). Attempting to program to a previously locked PR
segment will result in a status register error (program
error bit SR.4 and lock error bit SR.1 will be set to 1).
3.2.3 LOCKING THE PROTECTION
REGISTER
After programming the OEM segment, this section may
be locked by programming Bit 1 of the PR-LOCK
location to 0. (Bit 0 of this location is programmed to 0
at the Intel factory to protect the unique device number.)
This bit is set using the Protection Program command to
program “FFFD” to the PR-LOCK location.
Once Bit 1 has been programmed, no further changes
can be made to the PR. Protection Program commands
to a locked section will result in a status register error
(program error bit SR.4 and lock error bit SR.1 will be
set to 1). The PR lockout state is not reversible.
Word-wide addresses shown.
Figure 2. Protection Register Memory Map
4.0 IMPROVED 12 V PRODUCTION
PROGRAMMING
The Improved 12 V Production Programming feature
simplifies system implementation of fast program/erase
using 12 V VPP. By modifying the way current is
distributed between the VCC and VPP pins, systems can
configure the flash power supply pins in a variety of
ways to support different voltage and protection
requirements. Four example configurations are shown in
Figure 3.
The C3/C2 distributes its current distribution between
VCC and VPP as follows:
1. If VPP = system-level voltage, program and erase
current is drawn through the V CC pin.
2. If VPP = 12 V, fast 12 V program/erase is enabled,
drawing current through V PP.
3. If VPP = GND, the entire array is protected against
all program or erase operations.
The only change from previous Intel® Flash products is
when VPP = system-level voltage. In the Intel®
Advanced Boot Block product line, program/erase
current is drawn through V PP.

11
AP-657
4.1 Suggested Supply
Configurations
The Improved 12 V Production Programming feature
may be used in four suggested power supply
configurations. These configurations offer various
combinations of low-voltage program/erase, 12 V fast
program/erase, and full device protection. Each
suggested configuration will be discussed in the
following subsections.
In this discussion, the terminology “low-voltage
program/erase” refers to program and erase operations
when running the device at system supply voltage (not
12 V). The term “12 V fast program/erase” refers to
temporarily applying 12 V (see the datasheet for details)
on the VPP pin in order to improve program/erase
performance. The term “full device protection” refers to
switching or tying VPP to GND disabling program and
erase operations.
4.1.1 12 V FAST PROGRAMMING WITH
FULL DEVICE PROTECTION
The configuration shown in Figure 3A allows 12 V to be
applied to VPP for fast program/erase in a production
line or service center, while keeping VPP permanently
grounded through the pull-down resistor for full device
protection when 12 V is not applied. This configuration
is ideal for applications that update the flash only in a
factory or service center.
The resistor value should be determined such that
voltage at VPP <= the VPP lockout voltage (VPPLK) when
12 V is removed. VPPLK defines the maximum voltage at
which program/erase operations will not function.
4.1.2 12 V FAST PROGRAMMING WITHOUT
DEVICE PROTECTION
The configuration shown in Figure 3B allows 12 V to be
applied to VPP for fast program/erase in a production
line or service center and the system supply voltage to
be used for in-system writes. This configuration is ideal
for applications that update code/data in the factory and
in-system.
12
E
This configuration consists of a either a resistor or diode
between VCC and VPP.
• When VPP = 12 V fast program/erase is enabled, the
diode prevents current from flowing to the VCC
supply from V PP.
• When the 12 V supply is absent the system supply
forward biases the diode bringing VPP = VCC – VF,
where VF is the forward voltage drop of the diode.
Note that VIHMin for VPP is different than VIHMin
for other I/O pins. Please refer to the datasheet for
details. The requirements for this diode are shown in
Appendix B.
• If a resistor is used between VCC and VPP, the VCC
power supply must sink adequate current as
determined by the resistor value. The worst case
current situation is calculated as shown in Appendix
B.
4.1.3 LOW-VOLTAGE PROGRAMMING
WITH SWITCHABLE DEVICE
PROTECTION
The configuration shown in Figure 3C offers the
flexibility to switch VPP with a logic signal from the
CPU or an ASIC. When VPP = GND, all program and
erase operations to the entire flash device are disabled.
When VPP >= VIHMin, the flash contents may be
modified.
This configuration is ideal for applications that do not
require 12 V production programming but require the
flexibility and protection of switchable full device
protection.
4.1.4 SINGLE SUPPLY
The single supply configuration shown in Figure 3D
offers simplicity connecting both VCC and VPP to the
same power supply. This configuration is ideal for
applications that do not require 12 V production
programming or complete device protection.
E AP-657

3A System Supply System Supply 3C

VCC VCC
12 V Supply
VPP Prot# VPP
10 KΩ (Logic Signal)

12 V Fast Programming Low-Voltage Programming Only

Complete Write Protection When VPP ≠ 12 V Logic Control of Complete Device Protection

3B System Supply 3D
System Supply
VCC VCC
(Note 1)
VPP VPP
12 V Supply
12 V Fast Programming Low-Voltage Programming Only
Full Array Protection Unavailable Full Array Protection Unavailable
2215_02

NOTE:
1. A resistor can be used if the VCC supply can sink adequate current based on resistor value. See AP-658 Designing for
Upgrade to the Advanced+ Boot Block Flash Memory for details.

Figure 3. Improved 12 V Production Programming Power Supply Configurations

13
AP-657
5.0 COMMON FLASH INTERFACE
(CFI)
The C3/C2 products support Common Flash Interface
(CFI), a standardized data structure that may be queried
from a flash memory device. CFI allows system software
to query the installed device (on board component, PC
(PCMCIA) Card, or Miniature Card) to determine
configurations, various electrical and timing parameters,
and functions supported by the device. This information
may then be used to optimize the application.
5.1 CFI Benefits
The primary benefits of CFI are ease of upgrading and
second source availability. Both are concerns when an
OEM or end-user (the consumer) purchases a product.
5.1.1 USING CFI FOR UPGRADING
Easy upgrade paths enable system designers to take
advantage of increased densities (or speeds, etc.) on
memory devices. Hardware compatibility is generally
accounted for with pin-for-pin compatible hardware
footprints or flexible layouts, but software compatibility
requires that the system software be able to adapt to the
a new device. CFI allows new products to be used in
place of their older versions without software
modifications.
There are several ways the software may take advantage
of the information provided in the CFI query. For
example, density information is stored in the CFI array.
If an application upgrades from a 16-Mbit to a 32-Mbit
density, the software may be configured to take
advantage of larger density devices; e.g., more e-mails
stored, longer talk time for voice mails, more phone
numbers, etc.
CFI enables new features to be utilized by designing
initial software to adapt to CFI devices.
14
5.1.2
E
USING CFI FOR SECOND SOURCES
CFI also allows application to be designed for multi-
source flash components since the CFI array includes
manufacture information. This information includes
command sets and device specific information (VCC
supply voltage levels). In this type of application, the
software will be designed to use different low-level
algorithms based on the device.
5.2 Accessing CFI in the
Advanced+ Boot Block
Not all devices installed into a flash memory socket will
be CFI-enabled. To determine if a device is CFI-capable,
the application must write a 98h to location 55h within
the memory. If the consecutive reads from addresses
10h, 11h, and 12h return “Q,” ”R,” and “Y” in ASCII,
the device is CFI-compliant. Note that CFI information
only appears on D 0–D7; upper bytes will output 00H.
Additional details on reading, interpreting, and using the
device information stored in the CFI table are available
in application note AP-646 Common Flash Interface
(CFI) and Command Sets.
6.0 CONCLUSION
The new features of the Advanced+ Boot Block
architecture allow higher levels of memory component
integration. The Instant, Individual Block locking
scheme enables multiple levels of protection for both
code and data. The Protection Register may be used to
implement security schemes, simplify manufacturing,
and/or reduce system maintenance. Improved 12 V
Production Programming offers flexible power supply
configurations for fast 12 V factory programming with
low-voltage in-system updates. Lastly, Common Flash
Interface enables easy upgrades and multi-source
designs.
E AP-657

APPENDIX A
ADDITIONAL INFORMATION(1,2)

Order Number Document/Tool

210830 Flash Memory Databook
290647 2.4 Volt Advanced+ Boot Block Flash Memory Family; 28F800C2, 28F160C2,
28F320C2 datasheet
290645 3 Volt Advanced+ Boot Block Flash Memory Family; 28F800C3, 28F160C3,
28F320C3 datasheet
292216 AP-658 Designing for Upgrade to the Advanced+ Boot Block Flash Memory
292204 AP-646 Common Flash Interface (CFI) and Command Sets
NOTES:
1. Please call the Intel Literature Center at (800) 548-4725 to request Intel documentation. International customers should
contact their local Intel or distribution sales office.
2. Visit Intel’s World Wide Web home page at http://www.intel.com for technical documentation and tools.

Other Referenced Vendors:

Central Semiconductor Corp.
145 Adams Avenue
Hauppauge, New York 11788
telephone (516) 435-1110
fax (516) 435-1824
website http://centralsemi.com

15
AP-657 E
APPENDIX B
DIODE/RESISTOR REQUIREMENTS FOR
IMPROVED 12 V PRODUCTION PROGRAMMING
CONFIGURATIONS

In the Improved 12 V Production Programming power-

supply configuration shown in Figure 3B, either a diode Table 5. CMSD4448 Specifications
or a resistor may be used between VCC and VPP. A
resistor may be used if the system power supplies can Parameter Value
sink the amount of current calculated in Table 4. If the Breakdown Voltage (min VBR@IR = 75 V
system supply cannot sink adequate current a diode must 5.0 µA)
be used between V CC and VPP.
Breakdown Voltage (min VBR@IR = 100 V
Table 4. Current Sinking Requirement with 100 µA)
Resistor between VCC and VPP
Rev. Leakage Current (max IR@VR = 25 mA
I=V/R 20 V)
I = (VPP2 (MAX) - VCC1 (MIN)) / R Forward Voltage Drop (min VF@IF = 0.62 V
5 mA)
I = (12.6 V – 2.7 V) / R
Forward Voltage Drop (max VF@IF = 0.72 V
where: I: Current to be sunk by supply 5 mA)
VPP2 (MAX) - VCC1 (MIN): Voltage difference
between VPP & VCC Forward Volt. Drop (max VF@IF = 1.0 V
R: Resistor Value (Ω) 100 mA)
Example values used are for the 28F160C3. Capacitance (CT@VR = 0, f=1 MHz) 4.0 pF
trr 4.0 ns
A diode that is ideal for Advanced+ Boot Block (IR = IF = 10 mA, RL = 100 Ω, Rec. to
applications is the Central Semiconductor Corp. 1.0 mA)
CMSD4448 Super-Mini Surface Mount High Speed
Switching Diode in SOT-323 case. This diode has the
specifications shown in Table 5, although the only key
parameters of concern here are V F and VR.

16
E Table 6. Minimum Requirements for Diode
AP-657

between VCC and VPP

For the flash to operate within specifications,
the following conditions must be met::
VCC ≥ VCC1 (MIN), VPP ≥ VPP1 (MIN)
In the diode configuration:
VPP = VCC – VF
For the 28F160C3 at worst case conditions:
VCC = VCC1 (MIN) = 2.7 V
VPP = 2.7 V – VF
Since the flash requires VPP ≥ 1.65 V, the
forward voltage drop VF of the diode must be:
VF ≤ 2.7 V – 1.65 V = 1.05 V
In addition, the diode must tolerate a reverse
voltage VR:
VR ≥ VPP2 (MAX) – VCC1 (MIN)
VR ≥ 12.6 V – 2.7 V
VR ≥ 9.9 V
Therefore the diode must meet:
VF ≤ 1.05 V, VR ≥ 9.9 V
See Table 5 for a specific example diode.

17