Chapter 4 Memory
MC9S08QL8 MCU Series Reference Manual, Rev. 1
50
NXP Semiconductors
the MCU secure. During development, whenever the flash is erased, user code must immediately program
the SEC00 bit to 0 in NVOPT so SEC01:SEC00 = 1:0. This would allow the MCU to remain unsecured
after a subsequent reset.
The background debug controller can still be used for background memory access commands of unsecured
resources.
A user can choose to allow or disallow a security unlocking mechanism through an 8-byte backdoor
security key. If the nonvolatile KEYEN bit in NVOPT/FOPT is 0, the backdoor key is disabled and there
is no way to disengage security without completely erasing all flash locations. If KEYEN is 1, a secure
user program can temporarily disengage security by:
1. Writing 1 to KEYACC in the FCNFG register. This makes the flash module interpret writes to the
backdoor comparison key locations (NVBACKKEY through NV7) as values to be
compared against the key rather than as the first step in a flash program or erase command.
2. Writing the user-entered key values to the NVBACKKEY through NV7 locations.
These writes must be done in order starting with the value for NVBACKKEY and ending with
NV7. STHX must not be used for these writes because these writes cannot be done
on adjacent bus cycles. User software normally would get the key codes from outside the MCU
system through a communication interface such as a serial I/O.
3. Writing 0 to KEYACC in the FCNFG register. If the 8-byte key that was just written matches the
key stored in the flash locations, SEC01:SEC00 are automatically changed to 1:0 and security will
be disengaged until the next reset.
The security key can be written only from secure memory (either RAM or flash), so it cannot be entered
through background commands without the cooperation of a secure user program.
The backdoor comparison key (NVBACKKEY through NV7) is located in flash memory
locations in the nonvolatile register space so users can program these locations exactly as they would
program any other flash memory location. The nonvolatile registers are in the same 512-byte block of flash
as the reset and interrupt vectors, so block protecting that space also block protects the backdoor
comparison key. Block protects cannot be changed from user application programs, so if the vector space
is block protected, the backdoor security key mechanism cannot permanently change the block protect,
security settings, or the backdoor key.
Security can always be disengaged through the background debug interface by taking these steps:
1. Disable any block protections by writing FPROT. FPROT can be written only with background
debug commands, not from application software.
2. Mass erase flash if necessary.
3. Blank check flash. Provided flash is completely erased, security is disengaged until the next reset.
To avoid returning to secure mode after the next reset, program NVOPT so SEC01:SEC00 = 1:0.
4.7
Flash Registers and Control Bits
The flash module has six 8-bit registers in the high-page register space. Two locations (NVOPT,
NVPROT) in the nonvolatile register space in flash memory are copied into corresponding high-page
control registers (FOPT, FPROT) at reset. There is also an 8-byte comparison key in flash memory. Refer
Summary of Contents for MC9S08QL4
Page 4: ...MC9S08QL8 MCU Series Reference Manual Rev 1 4 NXP Semiconductors...
Page 36: ...Chapter 3 Modes of Operation MC9S08QL8 MCU Series Reference Manual Rev 1 36 NXP Semiconductors...
Page 56: ...Chapter 4 Memory MC9S08QL8 MCU Series Reference Manual Rev 1 56 NXP Semiconductors...
Page 172: ...Modulo Timer S08MTIMV1 MC9S08QL8 MCU Series Reference Manual Rev 1 172 NXP Semiconductors...
Page 238: ...Development Support MC9S08QL8 MCU Series Reference Manual Rev 1 238 NXP Semiconductors...
Page 239: ......