Security (S12XS9SECV2)
S12XS Family Reference Manual, Rev. 1.13
Freescale Semiconductor
235
7.1.5
Unsecuring the Microcontroller
Unsecuring the microcontroller can be done by three different methods:
1. Backdoor key access
2. Reprogramming the security bits
3. Complete memory erase (special modes)
7.1.5.1
Unsecuring the MCU Using the Backdoor Key Access
In normal modes (single chip and expanded), security can be temporarily disabled using the backdoor key
access method. This method requires that:
•
The backdoor key at 0xFF00–0xFF07 (= global addresses 0x7F_FF00–0x7F_FF07) has been
programmed to a valid value.
•
The KEYEN[1:0] bits within the Flash options/security byte select ‘enabled’.
•
In single chip mode, the application program programmed into the microcontroller must be
designed to have the capability to write to the backdoor key locations.
The backdoor key values themselves would not normally be stored within the application data, which
means the application program would have to be designed to receive the backdoor key values from an
external source (e.g. through a serial port).
The backdoor key access method allows debugging of a secured microcontroller without having to erase
the Flash. This is particularly useful for failure analysis.
NOTE
No word of the backdoor key is allowed to have the value 0x0000 or
0xFFFF.
7.1.6
Reprogramming the Security Bits
In normal single chip mode (NS), security can also be disabled by erasing and reprogramming the security
bits within Flash options/security byte to the unsecured value. Because the erase operation will erase the
entire sector from 0xFE00–0xFFFF (0x7F_FE00–0x7F_FFFF), the backdoor key and the interrupt vectors
will also be erased; this method is not recommended for normal single chip mode. The application
software can only erase and program the Flash options/security byte if the Flash sector containing the Flash
options/security byte is not protected (see Flash protection). Thus Flash protection is a useful means of
preventing this method. The microcontroller will enter the unsecured state after the next reset following
the programming of the security bits to the unsecured value.
This method requires that:
•
The application software previously programmed into the microcontroller has been designed to
have the capability to erase and program the Flash options/security byte, or security is first disabled
using the backdoor key method, allowing BDM to be used to issue commands to erase and program
the Flash options/security byte.
•
The Flash sector containing the Flash options/security byte is not protected.
Summary of Contents for MC9S12XS128
Page 4: ...S12XS Family Reference Manual Rev 1 13 4 Freescale Semiconductor ...
Page 168: ...Interrupt S12XINTV2 S12XS Family Reference Manual Rev 1 13 168 Freescale Semiconductor ...
Page 736: ...Ordering Information S12XS Family Reference Manual Rev 1 13 736 Freescale Semiconductor ...
Page 737: ......