How to enable security on a KL15

Safwat · ‎03-04-2013

Hi everyone,

I am using a KL15 series MCU for my development.

But I am not sure on how to set the values of the FTFA_FSEC registers to secure my flash.

Since the FSEC register is loaded at reset, I'm guessing that I should populate proper values in the flash configuration field and load the firmware in my MCU. After reset, FTFA_FSEC register should be loaded with the intended security bits.

Or is it a better idea to use the "in application flash programming" to set the flash config field followed by a reset?

Would be helpful if there was some example on how to properly do this. I don't want to mess up and permanently lock my QFN device. Difficult to manual solder.

Would appreciate some working sample code on how to do this

Thanks.

Safwat

Safwat · ‎03-05-2013

I managed to get it working. Quite simple.

I knew that In CW10.3 the linker file has a section for the flash configuration field. The section is named .cfmconfig.

So I just declared a 13 byte char array and placed it at that location. The code is like below:

// Setting the flash security fields

uint8_t FCFValues[]__attribute__((section(".cfmconfig"))) =

{

0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, // 8 Bytes for backdoor comparison key. Set to default value.

0xFF,0xFF,0xFF,0xFF, // 4 Bytes for flash protection field. Set to default value

0x00 // 1 Byte for the security reg. SEC bits = 00 (Security enable), MEEN bits = 00 (Mass erase enable);

// The rest of the bytes in the FCF do not need any configuration for read protect

};

After this I am not able to read or debug. But I am able to mass erase and reprogram. Serves my purpose.

The reference manual is a bit tricky as it does not list the registers in order of their address at page 413, Section 27.3.1.

Looking at the table above one can easily assume that the flash security byte is at the end of the FCF.

I made the same mistake and actually programmed the FCF wrongly one time. Luckily it didn't lock up my MCU.

Do correct me if I mentioned anything wrong.

Safwat

View solution in original post

Safwat · ‎03-05-2013

I managed to get it working. Quite simple.

I knew that In CW10.3 the linker file has a section for the flash configuration field. The section is named .cfmconfig.

So I just declared a 13 byte char array and placed it at that location. The code is like below:

// Setting the flash security fields

uint8_t FCFValues[]__attribute__((section(".cfmconfig"))) =

{

0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, // 8 Bytes for backdoor comparison key. Set to default value.

0xFF,0xFF,0xFF,0xFF, // 4 Bytes for flash protection field. Set to default value

0x00 // 1 Byte for the security reg. SEC bits = 00 (Security enable), MEEN bits = 00 (Mass erase enable);

// The rest of the bytes in the FCF do not need any configuration for read protect

};

After this I am not able to read or debug. But I am able to mass erase and reprogram. Serves my purpose.

The reference manual is a bit tricky as it does not list the registers in order of their address at page 413, Section 27.3.1.

Looking at the table above one can easily assume that the flash security byte is at the end of the FCF.

I made the same mistake and actually programmed the FCF wrongly one time. Luckily it didn't lock up my MCU.

Do correct me if I mentioned anything wrong.

Safwat

Monica · ‎03-05-2013

Great job Safwat, thanks for sharing! :smileyhappy:

Regards!

How to enable security on a KL15

How to enable security on a KL15

Kinetis L Series MCUs