DS28EC20 programming user EEPROM and protection control blocks
Posted: Tue Apr 13, 2021 2:46 pm
DS28EC20 is 1-wire device with 20kB EEPROM (80 pages x 32 bytes = 2560 bytes) with additional registers:
- Protection Control Blocks (10 bytes) read/(write)*
- User EEPROM (20 bytes) read/write
- Memory Block Lock (1 byte) read/(write)*
- Register Page Lock (1 byte) read/(write)*
- Factory Byte (1 byte) read only
- Manufacturer ID (2 bytes) read only
- 64-bit ID read only
* for factory new device these registers are read/write, but when you program to it 0x55 (write protection) or 0xAA (EPROM mode) you can not change it anymore and it becomes read only.
Please take a look at memory organization from DS28EC20 datasheet page9.
READ/WRITE Data Memory area
You can reprogramm Data Memory of DS28EC20 (block 0-9 = pages 0-79 = 2560 bytes of data) with REVELPROG-IS (since v1.8.5) by selecting device from memory database EEPROM -> 1-Wire -> Maxim -> DS28EC20 and use standard read/write buttons from application. It's simple, nothing to explain
READ/WRITE additional registers
You can also use Custom Script Tool to change Protection Registers or User Memory.
In this tutorial I'll show example scripts how to read and write above registers.
READ additional registers
Protection Control Blocks (0-9) are located from address 0x0A00 to address 0xA09h. You can read them using below scripts:
By default all bytes are equal to zeros (no protection). 55h in any byte means that according block is write protected. AAh means that according block is in EPROM emulation mode.
User EEPROM (20 bytes) starts from address 0x0A0A and ends at 0x0A1D. It can be read by using below script:
At address 0x0A1E is located Memory Block Lock (it blocks copy-scratchpad function) and at address 0x0A1F is located Register Page Lock (write protection for protection control blocks). At address 0x0A23-0x0A24 (2 bytes) is manufacturer ID and it's read only (you can order DS28EC20 from Maxim with required manufacturer ID) and at address 0x0A20 is control byte for manufacturer ID (0x55 means no valid manufactruer ID, 0xAAh means valid manufacturer ID). You can read all these bytes using custom script tool too:
WRITE additional registers (be careful!)
Factory new chip have registers in factory reset state. You can change block protection or configure EPROM emulation mode for selected blocks. But be careful, once changed it becomes read-only! Datasheet says "Once programmed to AAh or 55h this address becomes read only. All other codes can be stored, but neither write protect the address nor activate any function" so be careful. Writing procedure is described in datasheet pages 12-15 - you have flow diagram which I used to prepare you writing scripts (please read my notes below before using it):
In first step we are writing scratchpad. It's additional buffer between RAM and EEPROM. Changing scratchpad only is safe. In DATA field you have total 32 bytes: first 10 bytes are protection control bytes (writing 0x55 or 0xAA to any of these bytes will protect selected block or configure it in EPROM emulation mode), next 20 bytes is user EEPROM, and next 2 bytes is memory block lock and register page lock. In total there are 32 bytes - in script above all are equal to default state (zeros) but you can change it according to your needs.
Second step is required to read authorization code (without this code we can not change registers). So we are reading address bytes (TA1 and TA2) + authorization code (ES) + 32 bytes which you provided in first step.
You can safely run script with step 1 and step 2 (without step 3) - it will not change registers. It should read 35 bytes. 3rd byte is authorization code - please write it down, it will be required for writing. In example above authorization code is 0x1F but in your case it may be different (it depends on data bytes in step 1)
Third step is copy scratchpad operation. You need to provide authorization code here (0x1F in this example - replace it with your own - you can read it in step 2). It copies scratchpad (from step 1) to device memory. Valid authorization code (which you can read in step 2) is required for operation success.
When you run above script (3 operations: step 1 + step 2 + step 3 with valid authorization code) registers will be reprogrammed.
That's all Hope it helps!
- Protection Control Blocks (10 bytes) read/(write)*
- User EEPROM (20 bytes) read/write
- Memory Block Lock (1 byte) read/(write)*
- Register Page Lock (1 byte) read/(write)*
- Factory Byte (1 byte) read only
- Manufacturer ID (2 bytes) read only
- 64-bit ID read only
* for factory new device these registers are read/write, but when you program to it 0x55 (write protection) or 0xAA (EPROM mode) you can not change it anymore and it becomes read only.
Please take a look at memory organization from DS28EC20 datasheet page9.
READ/WRITE Data Memory area
You can reprogramm Data Memory of DS28EC20 (block 0-9 = pages 0-79 = 2560 bytes of data) with REVELPROG-IS (since v1.8.5) by selecting device from memory database EEPROM -> 1-Wire -> Maxim -> DS28EC20 and use standard read/write buttons from application. It's simple, nothing to explain
READ/WRITE additional registers
You can also use Custom Script Tool to change Protection Registers or User Memory.
In this tutorial I'll show example scripts how to read and write above registers.
READ additional registers
Protection Control Blocks (0-9) are located from address 0x0A00 to address 0xA09h. You can read them using below scripts:
Code: Select all
// DS28EC20
// Read protection control blocks
#SCRIPT HEADER;
SCRIPT:v1.8.4;
#HARDWARE SETTINGS;
HW:1-WIRE,4.5V,SLOW;
// Read Protection Control Blocks 0 to 9 (10 bytes)
#OPERATION;
SW:0,0,1,9,0,0,0,0,0,500;
INSTR:CC, F0, 00, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A00h)
By default all bytes are equal to zeros (no protection). 55h in any byte means that according block is write protected. AAh means that according block is in EPROM emulation mode.
User EEPROM (20 bytes) starts from address 0x0A0A and ends at 0x0A1D. It can be read by using below script:
Code: Select all
// DS28EC20
// Read registers
#SCRIPT HEADER;
SCRIPT:v1.8.4;
#HARDWARE SETTINGS;
HW:1-WIRE,4.5V,SLOW;
// Read User EEPROM (20 bytes)
#OPERATION;
SW:0,0,1,19,0,0,0,0,0,500;
INSTR:CC, F0, 0A, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A1Dh)
At address 0x0A1E is located Memory Block Lock (it blocks copy-scratchpad function) and at address 0x0A1F is located Register Page Lock (write protection for protection control blocks). At address 0x0A23-0x0A24 (2 bytes) is manufacturer ID and it's read only (you can order DS28EC20 from Maxim with required manufacturer ID) and at address 0x0A20 is control byte for manufacturer ID (0x55 means no valid manufactruer ID, 0xAAh means valid manufacturer ID). You can read all these bytes using custom script tool too:
Code: Select all
#SCRIPT HEADER;
SCRIPT:v1.8.4;
#HARDWARE SETTINGS;
HW:1-WIRE,4.5V,SLOW;
// Read Memory Block Lock (1 byte)
#OPERATION;
SW:0,0,1,0,0,0,0,0,0,500;
INSTR:CC, F0, 1E, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A1Eh)
// Read Register Page Lock Lock (1 byte)
#OPERATION;
SW:0,0,1,0,0,0,0,0,0,500;
INSTR:CC, F0, 1F, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A1Fh)
// Read Factory Byte (1 byte)
#OPERATION;
SW:0,0,1,0,0,0,0,0,0,500;
INSTR:CC, F0, 20, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A20h)
// Read Factory Trim Bytes (2 bytes)
#OPERATION;
SW:0,0,1,1,0,0,0,0,0,500;
INSTR:CC, F0, 21, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A21h)
// Read Manufacturer ID (2 bytes)
#OPERATION;
SW:0,0,1,1,0,0,0,0,0,500;
INSTR:CC, F0, 23, 0A; // SKIP ROM + READ MEMORY + START ADDR (0A23h)
WRITE additional registers (be careful!)
Factory new chip have registers in factory reset state. You can change block protection or configure EPROM emulation mode for selected blocks. But be careful, once changed it becomes read-only! Datasheet says "Once programmed to AAh or 55h this address becomes read only. All other codes can be stored, but neither write protect the address nor activate any function" so be careful. Writing procedure is described in datasheet pages 12-15 - you have flow diagram which I used to prepare you writing scripts (please read my notes below before using it):
Code: Select all
// DS28EC20
// Write Registers
#SCRIPT HEADER;
SCRIPT:v1.8.4;
#HARDWARE SETTINGS;
HW:1-WIRE,5.0V,SLOW;
// STEP 1 - Write Scratchpad (write x bytes to registers)
#OPERATION;
SW:1,31,0,0,0,0,0,10,0,500;
INSTR: CC, 0F, 00, 0A; // SKIP ROM + Write Scratchpad + TA1 [7:0] target address LSB + TA2 [15:8] target address MSB
DATA: 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00; // Write 32 bytes: Protection Control Bytes (10 bytes) + user eeprom (20 bytes) + memory block lock (1 byte) + register page lock (1 byte) = total 32 bytes
// STEP 2 - Read Scratchpad (TA1 + TA2 + ES + 32 DATA BYTES = 35 bytes total)
// 1st byte should be equal to TA1 from Step 1
// 2nd byte should be equal to TA2 from Step 1
// 3rd byte is AUTHORIZATION CODE which should be used in next step
// 4rd byte should be equal to data byte from Step 1
#OPERATION;
SW:0,0,1,34,0,0,0,0,0,500;
INSTR:CC, AA; // SKIP ROM + READ Scratchpad
// STEP3 - Copy Scratchpad
// Please note - you need to first execute STEP1 and STEP2 to read autorhization code (3rd byte in step2) and use this autorization code last byte in below instruction
#OPERATION;
SW:0,0,0,0,0,0,10,0,0,500;
INSTR:CC, 55, 00, 0A, 1F; // SKIP ROM + COPY Scratchpad + TA1 (from step1) + TA2 (from step1) + AUTHORIZATION CODE (3rd byte read in STEP 2)
In first step we are writing scratchpad. It's additional buffer between RAM and EEPROM. Changing scratchpad only is safe. In DATA field you have total 32 bytes: first 10 bytes are protection control bytes (writing 0x55 or 0xAA to any of these bytes will protect selected block or configure it in EPROM emulation mode), next 20 bytes is user EEPROM, and next 2 bytes is memory block lock and register page lock. In total there are 32 bytes - in script above all are equal to default state (zeros) but you can change it according to your needs.
Second step is required to read authorization code (without this code we can not change registers). So we are reading address bytes (TA1 and TA2) + authorization code (ES) + 32 bytes which you provided in first step.
You can safely run script with step 1 and step 2 (without step 3) - it will not change registers. It should read 35 bytes. 3rd byte is authorization code - please write it down, it will be required for writing. In example above authorization code is 0x1F but in your case it may be different (it depends on data bytes in step 1)
Third step is copy scratchpad operation. You need to provide authorization code here (0x1F in this example - replace it with your own - you can read it in step 2). It copies scratchpad (from step 1) to device memory. Valid authorization code (which you can read in step 2) is required for operation success.
When you run above script (3 operations: step 1 + step 2 + step 3 with valid authorization code) registers will be reprogrammed.
That's all Hope it helps!