Техническая Спецификация для Freescale Semiconductor Tower System Eval Kit for MC9S12GN32 TWR-S12GN32-KIT TWR-S12GN32-KIT

Freescale Semiconductor

1135

The Flash module provides security information to the MCU. The Flash security state is defined by the
SEC bits of the FSEC register (see

register using data read from the security byte of the Flash configuration field at global address 0x3_FF0F.
The security state out of reset can be permanently changed by programming the security byte assuming
that the MCU is starting from a mode where the necessary P-Flash erase and program commands are
available and that the upper region of the P-Flash is unprotected. If the Flash security byte is successfully
programmed, its new value will take affect after the next MCU reset.

The following subsections describe these security-related subjects:

•

•

•

The MCU may be unsecured by using the backdoor key access feature which requires knowledge of the
contents of the backdoor keys (four 16-bit words programmed at addresses 0x3_FF00-0x3_FF07). If the
KEYEN[1:0] bits are in the enabled state (see

), the Verify Backdoor Access Key

command (see

) allows the user to present four prospective keys for comparison to the

keys stored in the Flash memory via the Memory Controller. If the keys presented in the Verify Backdoor
Access Key command match the backdoor keys stored in the Flash memory, the SEC bits in the FSEC
register (see

) will be changed to unsecure the MCU. Key values of 0x0000 and 0xFFFF are

not permitted as backdoor keys. While the Verify Backdoor Access Key command is active, P-Flash
memory and EEPROM memory will not be available for read access and will return invalid data.

The user code stored in the P-Flash memory must have a method of receiving the backdoor keys from an
external stimulus. This external stimulus would typically be through one of the on-chip serial ports.

If the KEYEN[1:0] bits are in the enabled state (see

), the MCU can be unsecured by the

backdoor key access sequence described below:

1. Follow the command sequence for the Verify Backdoor Access Key command as explained in

2. If the Verify Backdoor Access Key command is successful, the MCU is unsecured and the

SEC[1:0] bits in the FSEC register are forced to the unsecure state of 10

The Verify Backdoor Access Key command is monitored by the Memory Controller and an illegal key will
prohibit future use of the Verify Backdoor Access Key command. A reset of the MCU is the only method
to re-enable the Verify Backdoor Access Key command. The security as defined in the Flash security byte
(0x3_FF0F) is not changed by using the Verify Backdoor Access Key command sequence. The backdoor
keys stored in addresses 0x3_FF00-0x3_FF07 are unaffected by the Verify Backdoor Access Key
command sequence. The Verify Backdoor Access Key command sequence has no effect on the program
and erase protections defined in the Flash protection register, FPROT.

After the backdoor keys have been correctly matched, the MCU will be unsecured. After the MCU is
unsecured, the sector containing the Flash security byte can be erased and the Flash security byte can be