Chapter 9 Security (S12XE9SECV2)
MC9S12XE-Family Reference Manual Rev. 1.19
Freescale Semiconductor
349
•
The KEYEN[1:0] bits within the Flash options/security byte select ‘enabled’.
•
In single chip mode, the application program programmed into the microcontroller must be
designed to have the capability to write to the backdoor key locations.
The backdoor key values themselves would not normally be stored within the application data, which
means the application program would have to be designed to receive the backdoor key values from an
external source (e.g. through a serial port).
The backdoor key access method allows debugging of a secured microcontroller without having to erase
the Flash. This is particularly useful for failure analysis.
NOTE
No word of the backdoor key is allowed to have the value 0x0000 or
0xFFFF.
9.1.6
Reprogramming the Security Bits
In normal single chip mode (NS), security can also be disabled by erasing and reprogramming the security
bits within Flash options/security byte to the unsecured value. Because the erase operation will erase the
entire sector from 0xFE00–0xFFFF (0x7F_FE00–0x7F_FFFF), the backdoor key and the interrupt vectors
will also be erased; this method is not recommended for normal single chip mode. The application
software can only erase and program the Flash options/security byte if the Flash sector containing the Flash
options/security byte is not protected (see Flash protection). Thus Flash protection is a useful means of
preventing this method. The microcontroller will enter the unsecured state after the next reset following
the programming of the security bits to the unsecured value.
This method requires that:
•
The application software previously programmed into the microcontroller has been designed to
have the capability to erase and program the Flash options/security byte, or security is first disabled
using the backdoor key method, allowing BDM to be used to issue commands to erase and program
the Flash options/security byte.
•
The Flash sector containing the Flash options/security byte is not protected.
9.1.7
Complete Memory Erase (Special Modes)
The microcontroller can be unsecured in special modes by erasing the entire EEPROM and Flash memory
contents.
When a secure microcontroller is reset into special single chip mode (SS), the BDM firmware verifies
whether the EEPROM and Flash memory are erased. If any EEPROM or Flash memory address is not
erased, only BDM hardware commands are enabled. BDM hardware commands can then be used to write
to the EEPROM and Flash registers to mass erase the EEPROM and all Flash memory blocks.
When next reset into special single chip mode, the BDM firmware will again verify whether all EEPROM
and Flash memory are erased, and this being the case, will enable all BDM commands, allowing the Flash
options/security byte to be programmed to the unsecured value. The security bits SEC[1:0] in the Flash
security register will indicate the unsecure state following the next reset.
Because
of
an
order
from
the
United
States
International
Trade
Commission,
BGA-packaged
product
lines
and
part
numbers
indicated
here
currently
are
not
available
from
Freescale
for
import
or
sale
in
the
United
States
prior
to
September
2010:
S12XE
products
in
208
MAPBGA
packages