"Device is secure. Erase to unsecure?".


8,067 Views
arturoarteaga
Contributor II

Hi,

I would like to reprogram an MK20DX64VLH7 microcontroller that I have on a board with , but I haven't been able to download the new firmware and erase a previous firmware that I had just downloaded successfully before. The following message appears in the monitor: "Device is secure. Erase to unsecure?". I repeatedly choose "Yes" but without any success, until the next message appears: "Launching LED Debug (4) has encountered a problem. Error in services launch sequence". The details say: "Error in services launch sequence Timed out trying to launch GDB Server."

I use the KDS application, with the "Debug Configuration" option and GDB PEMicro with the "Multilink Universal" programmer.

I've followed the KDS User Guide in order to set the Debug Configurations.

Maybe there is a problem with the security configuration of the microcontroller, but I don't know.

How can I erase the flash memory to reprogram it again?

Problemas_acceso_micro.png

I didn't program the 0x40C address related to "NV_SEC" because I've only done the tutorial from Processor Expert, but I don't know if this application programs this address (0x40C) by default when I choose "Generate Processor Expert Code".

Anyway, this is what appears at this address in my application:

NV_SEC (Address: 0x40C):

Init. value. 7E
After reset. FF

whose bits are:

KEYEN bits:
Init. value. 01
After reset. 11

MEEN bits:
Init. value. 11
After reset. 11

FSLACC bits:
Init. value. 11
After reset. 11

SEC bits:
Init. value. 10
After reset. 11

NV_FSEC.png

I don't know how I can access these registers through the "Processor Expert Application".

I would like to know how I could erase the firmware loaded in the MK20DX64VLH7 microcontroller to be able to reprogram it, as well as how to reprogram it in unsecure mode in order not to have these problems again. Or how to program a firmware while erasing the firmware loaded before. Do you know if there is any application to manage this? I have used the "pe_gdb_server" and "multilink_universal" applications before but without any success.

Moreover, I didn't check a box to secure. The flash security boxes are disabled by default and Protection regions are unprotected in Component Inspector Properties in the "Processor Expert Application" in KDS.

According to this, I think there shouldn't be any problem with accesses related to security.

Flas_Security_1.png

Flas_Security_2.png

I will continue researching.

Thanks in advance for your answer.

Yours sincerely,

Arturo Arteaga

0 Kudos
33 Replies

1,638 Views
arturoarteaga
Contributor II

Hi Kerry,

Firstly thanks for your help,

I have managed to send a message to the PC with your proposed configuration. It's clear that it's different from the "Getting started Guide", which is done with another microcontroller. I have put "SERIAL_LDD" instead of "console", but I have changed to UART1 and 115200 baud and the same configuration as yours.

Now I want to receive data from the PC on the microcontroller and re-send the same data from the microcontroller to the PC. It's for testing, to initialize a future new application in the company. But my application now doesn't receive anything.

I have attached my project in this mail (Serie_Comunication). I think the "AS1_OnBlockReceived" function should be called when data is received, but this function isn't called when I send data from the PC to the microcontroller by typing on the keyboard in the Tera application. In this function I use the "SendBlock" function (it's just functional) and I also use "GPIO1_ToggleFieldBits" (this function toggles an LED) in order to check whether the function is really called.

Why isn't the "AS1_OnBlockReceived" function called when data is sent by me from the PC?? This function is enabled in the AS1 component and it also appears as enabled in the "AS1.h" file of the project. You can also see the "PE_ISR(AS1_Interrupt)" function in the "AS1.c" file. In the "Vectors" file, you can see that both of the interrupts also appear.

Please see all the captured images attached in this mail.

Should I configure anything more?? I can already send, but is anything missing to manage receiving data and sending data at the same time??

I have seen in the "AS1.h" file that the "TX interrupt" is enabled. At line 146, you can see the following:

#define ENABLED_TX_INT     0x01U /*!< TX interrupt enabled */
#define BREAK_DETECTED     0x02U /*!< Break detected */
#define TX_COMPLETED       0x04U /*!< Transmission completed */
#define ENABLE_TX_COMPLETE 0x10U /*!< Enable/Disable of TX complete detection. Used in the polling mode only */

but I haven't found anything about an RX interrupt being enabled. Do you know any place in the configuration where you can set the RX interrupt as enabled, like the "TX interrupt"?

Do you know if I have to set the RX in other lines??, like the following lines in "AS1.c":

LDD_TError AS1_SendBlock(LDD_TDeviceData *DeviceDataPtr, LDD_TData *BufferPtr, uint16_t Size)
{
  AS1_TDeviceDataPtr DeviceDataPrv = (AS1_TDeviceDataPtr)DeviceDataPtr;

  if (Size == 0U) {                    /* Is the parameter Size within an expected range? */
    return ERR_PARAM_SIZE;             /* If no then error */
  }
  if (DeviceDataPrv->OutDataNumReq != 0x00U) { /* Is the previous transmit operation pending? */
    return ERR_BUSY;                   /* If yes then error */
  }
  /* {Default RTOS Adapter} Critical section begin, general PE function is used */
  EnterCritical();
  DeviceDataPrv->OutDataPtr = (uint8_t*)BufferPtr; /* Set a pointer to the output data. */
  DeviceDataPrv->OutDataNumReq = Size; /* Set the counter of characters to be sent. */
  DeviceDataPrv->OutSentDataNum = 0x00U; /* Clear the counter of sent characters. */
  DeviceDataPrv->SerFlag |= ENABLED_TX_INT; /* Set the flag ENABLED_TX_INT */
  UART_PDD_EnableInterrupt(UART1_BASE_PTR, UART_PDD_INTERRUPT_TRANSMITTER); /* Enable TX interrupt */
  /* {Default RTOS Adapter} Critical section end, general PE function is used */
  ExitCritical();
  return ERR_OK;                       /* OK */
}

Or

static void InterruptTx(AS1_TDeviceDataPtr DeviceDataPrv)
{
  if (DeviceDataPrv->OutSentDataNum < DeviceDataPrv->OutDataNumReq) { /* Is number of sent characters less than the number of requested incoming characters? */
    UART_PDD_PutChar8(UART1_BASE_PTR, *(DeviceDataPrv->OutDataPtr++)); /* Put a 8-bit character to the transmit register */
    DeviceDataPrv->OutSentDataNum++;   /* Increment the counter of sent characters. */
    if (DeviceDataPrv->OutSentDataNum == DeviceDataPrv->OutDataNumReq) {
      DeviceDataPrv->OutDataNumReq = 0x00U; /* Clear the counter of characters to be send by SendBlock() */
      AS1_OnBlockSent(DeviceDataPrv->UserDataPtr);
    }
  } else {
    UART_PDD_DisableInterrupt(UART1_BASE_PTR, UART_PDD_INTERRUPT_TRANSMITTER); /* Disable TX interrupt */
    DeviceDataPrv->SerFlag &= (uint16_t)(~(uint16_t)ENABLED_TX_INT); /* Clear the flag ENABLED_TX_INT */
  }
}

Or

PE_ISR(AS1_Interrupt)
{
  /* {Default RTOS Adapter} ISR parameter is passed through the global variable */
  AS1_TDeviceDataPtr DeviceDataPrv = INT_UART1_RX_TX__DEFAULT_RTOS_ISRPARAM;
  register uint32_t StatReg = UART_PDD_ReadInterruptStatusReg(UART1_BASE_PTR); /* Read status register */

  if (StatReg & (UART_S1_NF_MASK | UART_S1_OR_MASK | UART_S1_FE_MASK | UART_S1_PF_MASK)) { /* Is any error flag set? */
    (void)UART_PDD_GetChar8(UART1_BASE_PTR); /* Dummy read 8-bit character from receiver */
    StatReg &= (uint32_t)(~(uint32_t)UART_S1_RDRF_MASK); /* Clear the receive data flag to discard the erroneous data */
  }
  if (StatReg & UART_S1_RDRF_MASK) {   /* Is the receiver's interrupt flag set? */
    InterruptRx(DeviceDataPrv);        /* If yes, then invoke the internal service routine. This routine is inlined. */
  }
  if (DeviceDataPrv->SerFlag & ENABLED_TX_INT) { /* Is the transmitter interrupt enabled? */
    if (StatReg & UART_S1_TDRE_MASK) { /* Is the transmitter empty? */
      InterruptTx(DeviceDataPrv);      /* If yes, then invoke the internal service routine. This routine is inlined. */
    }
  }
}

Do you know if I should change this code by hand or with the "Generate Processor Expert Code" tool?? I think I should set the "RX interrupt" with the "Generate Processor Expert Code" tool? But in which part of the Component Inspector should I change the configuration?

Thank you again for your effort,

Have a nice day,

Arturo Arteaga

From: kerryzhou
Sent: Wednesday, 22 March 2017 9:29
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,638 Views
arturoarteaga
Contributor II

Hi Kerry,

It's the same configuration. I'm sending you an attached image of both configurations, in the UART Component and the Tera configuration. They both work at 9600 baud.

Yesterday I asked you about some transmission registers. Do you know the registers in which the UART output transmission data or the UART output buffer appears for the mK20dx256vlh7 microcontroller?? I'm reading the datasheet and I can't find any registers related to them. I want to see if the transmission data in these registers is the same as what I want to transmit, and also to compare it with the data that arrives at the Tera application.

Thanks a lot for your help.

Have a nice day too,

Arturo Arteaga

From: kerryzhou
Sent: Tuesday, 21 March 2017 11:09
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,659 Views
arturoarteaga
Contributor II

Hi Kerry,

The application doesn't let me put the "for{;;}" line before

https://community.nxp.com/servlet/JiveServlet/showImage/2-888387-179660/pastedImage_4.png

It tells me there's a problem.

This "for{;;}" line is put after by default.

Other lines, however, I can put before

https://community.nxp.com/servlet/JiveServlet/showImage/2-888387-179660/pastedImage_4.png

These lines aren't executed when they are before:

https://community.nxp.com/servlet/JiveServlet/showImage/2-888387-179659/pastedImage_3.png

The application stops at a line inside the GPIO function, but I haven't chosen to put a breakpoint inside this function. I don't know why.

Why can't I execute these lines? Why can't I stop at the breakpoint lines? Do I have to install something more? Do I have to repair something wrong? Have other users had similar errors?

The project is very simple, just to start working. Why doesn't it work?

Thanks for your help

Have a nice day too,

Arturo Arteaga

From: kerryzhou
Sent: Monday, 20 March 2017 6:46
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,659 Views
kerryzhou
NXP TechSupport

Hi Arturo Arteaga,

Send me your test project, I will help you to check it when I am free.

I think this method will be the fastest way to get you out.


Have a great day,
Kerry

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

1,654 Views
arturoarteaga
Contributor II

Ok thanks, I'll send you my test project attached.

In the "main" file there are 2 for{;;} loops:

One before,

https://community.nxp.com/servlet/JiveServlet/showImage/2-888387-179660/pastedImage_4.png

that I don't know if I have to put here.

And another one, after the previously mentioned lines, that is created by default.

I'll keep waiting for your check.

Thank you very much for your help again,

Arturo Arteaga

From: kerryzhou
Sent: Monday, 20 March 2017 11:01
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,659 Views
arturoarteaga
Contributor II

Hi Kerry,

The KDS version is 3.2.0. I have made sure that the program has executed the breakpoint position, because it's only a toggle function executed on the LED and I've seen how the LED is toggled, but without stopping at the breakpoint.

On the other hand, I've read that there are some commands for setting breakpoints. I've written these commands in the GDB window in the Debug tab and Startup tab, however it doesn't work. I don't know if I should write some commands before debugging, and where I should write them.

These are the links in KDS to this information about breakpoints.

file:///C:/Freescale/KDS_v3/Toolchain/share/doc/gcc-arm-none-eabi/html/gdb/Set-Breaks.html#Set-Breaks

file:///C:/Freescale/KDS_v3/Toolchain/share/doc/gcc-arm-none-eabi/html/gdb/Maintenance-Commands.html#maint%20info%20breakpoints

Do you know something about these commands?? Is this the source of the problem??

Thanks Kerry for your help.

Regards,

Arturo

From: kerryzhou
Sent: Friday, 17 March 2017 10:55
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,659 Views
arturoarteaga
Contributor II

Ok thanks, I'll send it to you in a few minutes.

From: kerryzhou
Sent: Friday, 17 March 2017 8:59
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos

1,660 Views
kerryzhou
NXP TechSupport

Hi Arturo Arteaga,

About the security, please read this document first:

https://community.nxp.com/servlet/JiveServlet/download/857127-1-396709/Kinetis%20Lock%20issue%20anal... 

If you have a JLINK, I suggest you use the JLINK to unlock it in the JLINK commander window.

If you don't have a JLINK, try to use mass erase in KDS:

pastedImage_2.png

Please try it first; if you still have a problem, please let me know!


Have a great day,
Kerry


1,660 Views
learningtreesdi
Contributor I

Thanks. It really works for me.

BR, LT.

0 Kudos

1,660 Views
arturoarteaga
Contributor II

Hi Kerry,

Firstly I would like to thank you because of your answer.

Unfortunately I don't use JLINK; here we only use "Multilink Universal" from PE Micro. I have just tried your proposed solution, checking the "Emergency Kinetis device Recovery by chip erase" box, but it wasn't satisfactory either. When I debug the chip, instead of receiving the message "Device is secure. Erase to unsecure?", I receive the message that I'm attaching in this mail ("An error occurred while connecting to the interface hardware….") and next another message ("Launching LED debug" has encountered a problem. Error in services launch sequence…). (See "Debug fail" image attached.)

I have carefully read your "*.pdf" document. Maybe in my case the root of the error could be that when I managed to debug, I chose the "Disconnect" option in the "GDB Trace" in the KDS application instead of having chosen the "Terminate" option previously, or perhaps I pressed the Reset button on my target. I don't know whether the chip ends up in "secure state" when these coincidences happen.

Sometimes I have managed to erase the chip with the P&E GDB Server for Kinetis application when I had chosen "Always mass erase on connect", but then, after I have managed to reprogram successfully, later I can't reprogram again because it is in "secure state" because of coincidences that I don't know.

I have also used the "Multilink universal" software application, but without any success.

I've seen in the CPU registers that every FSEC bit changes to "1" after RESET (I have attached these registers in the application). I think that with the SEC bits at "11", maybe the chip enters "secure state". In the MK20DX256VH7 datasheet you can read that the microcontroller enters this secure state if you have these "11" values in the SEC bits. (See "NV_FSEC" image attached.)

I want to know if there is an application with which I can erase the chip, in order to get out of "secure state".

Another solution would be a development firmware with which you can erase or initialize the microcontroller in order to reprogram it from the KDS application.

Or also whether I can develop a new firmware in which I can set a new configuration for the CPU, so that I can manipulate the CPU's internal bits to erase the previous firmware. Do you know which bits you can manipulate to erase the chip? I have seen the MDM-AP register that is mentioned in the *.pdf. Bit 0 of the MDM-AP register (Flash Erase Mass in progress) appears to be cleared only by hardware after the mass erase operation completes. I think this is the operation I have just performed with the P&E GDB Server for Kinetis application that I mentioned before. Do you know if there is another way to erase using another bit? Or whether you can access this MDM-AP register through the CPU configuration somehow? I haven't seen this register in the CPU peripheral registers. (See "MDM-AP" image attached.)

Thanks again for your help,

Regards,

Arturo Arteaga

From: kerryzhou
Sent: Wednesday, 08 March 2017 4:25
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos
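The NV_FSEC values quoted in the first post (0x7E programmed, 0xFF read back) and the SEC-bit question in the post above can be checked with a small decoder. This is an added example, not code from the thread or from NXP: the function and type names are hypothetical, the image is assumed to be a raw binary that starts at flash address 0, and the field encodings (only SEC = 10b is unsecure, only MEEN = 10b disables mass erase, only KEYEN = 10b enables the backdoor key) should be confirmed against the reference manual for your part.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NV_FSEC address inside the flash configuration field (from the thread). */
#define NV_FSEC_ADDR 0x40Cu

typedef struct {
    unsigned keyen, meen, fslacc, sec; /* raw 2-bit fields, bits 7..0 */
    int secured;                       /* every SEC value except 10b is secure */
    int mass_erase_enabled;            /* every MEEN value except 10b allows it */
    int backdoor_key_enabled;          /* only KEYEN == 10b enables the key */
} fsec_fields;

typedef enum {
    FSEC_UNSECURED,        /* debugger has normal access */
    FSEC_SECURED_ERASABLE, /* locked; a debugger mass erase recovers it */
    FSEC_SECURED_NO_ERASE, /* locked and debugger mass erase is disabled */
    FSEC_IMAGE_TOO_SHORT   /* image does not reach 0x40C */
} fsec_verdict;

/* Split the FSEC byte into its four 2-bit fields and derive the flags. */
fsec_fields fsec_decode(uint8_t fsec)
{
    fsec_fields f;
    f.keyen  = (fsec >> 6) & 3u;
    f.meen   = (fsec >> 4) & 3u;
    f.fslacc = (fsec >> 2) & 3u;
    f.sec    = fsec & 3u;
    f.secured = (f.sec != 2u);
    f.mass_erase_enabled = (f.meen != 2u);
    f.backdoor_key_enabled = (f.keyen == 2u);
    return f;
}

/* Pre-flash check: what state will this image leave the part in? */
fsec_verdict fsec_check_image(const uint8_t *image, size_t len)
{
    if (image == NULL || len <= NV_FSEC_ADDR)
        return FSEC_IMAGE_TOO_SHORT;
    fsec_fields f = fsec_decode(image[NV_FSEC_ADDR]);
    if (!f.secured)
        return FSEC_UNSECURED;
    return f.mass_erase_enabled ? FSEC_SECURED_ERASABLE : FSEC_SECURED_NO_ERASE;
}

int main(void)
{
    /* Constructed sample: erased flash (all 0xFF) with only NV_FSEC varied. */
    static uint8_t image[0x410];
    static const uint8_t samples[] = { 0x7E, 0xFF, 0xEF };
    static const char *verdicts[] = { "unsecured", "secured, mass erase allowed",
                                      "secured, mass erase disabled", "image too short" };
    for (size_t i = 0; i < sizeof samples; i++) {
        memset(image, 0xFF, sizeof image);
        image[NV_FSEC_ADDR] = samples[i];
        fsec_fields f = fsec_decode(samples[i]);
        printf("FSEC=0x%02X KEYEN=%u MEEN=%u FSLACC=%u SEC=%u -> %s\n",
               (unsigned)samples[i], f.keyen, f.meen, f.fslacc, f.sec,
               verdicts[fsec_check_image(image, sizeof image)]);
    }
    return 0;
}
```

With these encodings, the 0x7E value from the first post decodes as unsecured, while a fully erased flash configuration field (0xFF) decodes as secured with mass erase still allowed.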

1,660 Views
arturoarteaga
Contributor II

Sorry, but the images didn't appear in the previous message. I attach the images related to the previous image.

Thanks,

Regards.

Debug_fail.png
NV_FSEC.png
MDM-AP.bmp

0 Kudos

1,660 Views
kerryzhou
NXP TechSupport

Hi Arturo Arteaga,

   If your software code didn't lock the chip, your problem should be caused by the hardware.

Please check your hardware about these points:

1. Reset pin should have a 4.7k to 10K pull-up resistor, and a 0.1uF capacitor to ground.

2. NMI pin should have an external pull-up.

3. SWD_DIO should have a 4.7k to 10K pull-up resistor.

The above is the basic board design.

But if the device security is caused by the power-up sequence: if the reset pin powers up earlier than VDD, it will lock the chip and it is hard to recover.

I suggest you find a JLINK, and in the JLINK commander input: unlock kinetis   first.

If the JLINK still can't unlock it, your chip may be difficult to unsecure, just like the power-up sequence problem.

Please also use a short debugger cable, as mentioned in the document which I gave you before.

Please check your hardware again; you can also find another board, make sure the hardware meets the requirements, and download the code which is in unsecure mode again.


Have a great day,
Kerry


0 Kudos

1,660 Views
arturoarteaga
Contributor II

Hi Kerry,

Thanks for your last answer.

I have made the changes that you suggested; in our case it was to put a new 100 nF capacitor from the RESET pin to ground.

For some hours it worked, although it was locked when we switched off the power, and later we managed to unlock the chip with the "PE GDB for KINETIS" with the "mass erase on connect" functionality and then we downloaded the program several times.

But despite this success, the chip has locked and now we haven't been able to unlock it again. I don't know why.

I have captured an image from the oscilloscope showing the VDD signal and the RESET signal. In the image you can see a green curve and a pink curve. The green curve is the VDD signal and the pink curve is the RESET signal. You can see that the RESET signal is not before the VDD signal, and we don't have problems with the frequency and levels of the signals.

I hope you know something more about what is happening.

Thanks a lot for all of your help.

Regards,

Arturo Arteaga

From: kerryzhou
Sent: Thursday, 09 March 2017 6:19
To: Arturo Arteaga
Subject: Re: - Re: "Device is secure. Erase to unsecure?".

0 Kudos