NXP Semiconductors
FXTH87E
FXTH87E, Family of Tire Pressure Monitor Sensors
FXTH87ERM
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2019. All rights reserved.
Reference manual
Rev. 5.0 — 4 February 2019
30 / 183
1. Writing 1 to KEYACC in the FCNFG register. This makes the FLASH module interpret
writes to the backdoor comparison key locations (NVBACKKEY through NVBACKKEY
+7) as values to be compared against the key rather than as the first step in a FLASH
program or erase command.
2. Writing the user-entered key values to the NVBACKKEY through NV7
locations. These writes must be done in order starting with the value for NVBACKKEY
and ending with NV7. STHX must not be used for these writes because
these writes cannot be done on adjacent bus cycles. User software normally would
get the key codes from outside the MCU system through a communication interface
such as a serial I/O.
3. Writing 0 to KEYACC in the FCNFG register. If the 8-byte key that was just written
matches the key stored in the FLASH locations, SEC[1:0] are automatically changed
to 1 0 and security will be disengaged until the next reset.
The security key can be written only from secure memory (either RAM or FLASH), so
it cannot be entered through BACKGROUND commands without the cooperation of a
secure user program.
The backdoor comparison key (NVBACKKEY through NV7) is located
in FLASH memory locations in the nonvolatile register space so users can program
these locations exactly as they would program any other FLASH memory location. The
nonvolatile registers are in the same 512-byte block of FLASH as the reset and interrupt
vectors, so block protecting that space also block protects the backdoor comparison key.
Block protects cannot be changed from user application programs, so if the vector space
is block protected, the backdoor security key mechanism cannot permanently change the
block protect, security settings, or the backdoor key.
Security can always be disengaged through the BACKGROUND DEBUG interface by
taking these steps:
1. Disable any block protections by writing FPROT. FPROT can be written only with
BACKGROUND DEBUG commands, not from application software.
2. Mass erase FLASH if necessary.
3. Blank check FLASH. Provided FLASH is completely erased, security is disengaged
until the next reset.
To avoid returning to secure mode after the next reset, program NVOPT so
SEC[1:0] = 1 0.
Note:
Enabling the security feature disables NXP ability to perform failure analysis
without first completely erasing all flash memory contents. If the security feature is
implemented, customer shall be responsible for providing to NXP unsecured parts for any
failure analysis to begin or supplying the entire contents of the device flash memory data
as part of the return process, to allow NXP to erase and subsequently restore the device
to its original condition.
6.9 FLASH registers and control bits
The FLASH module has nine 8-bit registers in the high-page register space, three
locations in the nonvolatile register space in FLASH memory which are copied into three
corresponding high-page control registers at reset. There is also an 8-byte comparison
key in FLASH memory. Refer to
Table 12
and
Table 13
for the absolute address
assignments for all FLASH registers. This section refers to registers and control bits only
by their names. A NXP Semiconductor-provided equate or header file normally is used to
translate these names into the appropriate absolute addresses.
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
Downloaded from
