topic Re: S32K144 unlock Secure debug in S32K

S32K144 unlock Secure debug

Kishore_14 — Tue, 03 Feb 2026 10:34:43 GMT

Hi,

We are attempting to unlock secure debug on an S32K144 device using winIDEA.
According to iSYSTEM documentation
NXP S32: Unlocking secure debug on NXP S32G2/3xx and S32R45x
secure debug unlocking is supported for S32G2 and S32K3 devices with password parameters.

However, when configuring the S32K144 in winIDEA CPU Options, the security unlock
parameters (Protection, Password, SmartCardPassword) that are available for S32G2/S32K3
devices are not present.

**The connection script $(SFR_FILE_DIR)/S32K1xx_ConnectToSoC.cpp contains no unlock parameters
or security-related functions for S32K144 devices**

Questions:
1. Does S32K144 support secure debug unlocking?
2. If yes, what is the proper procedure for S32K144?
3. Are there alternative methods or tools for S32K144 secure debug unlock?

Re: S32K144 unlock Secure debug

Julián_AragónM — Tue, 03 Feb 2026 19:43:53 GMT

Hi @Kishore_14,

1. Yes. However, it is somewhat different than S32K3xx procedures. The JTAG/SWD interface will be disabled when the part is secured. This means that a debug controller cannot read or write to SOC memory mapped addresses when the part is in this state.

The part is secure when the FTFC_FSEC byte is in a secure state in the flash configuration field.

2. Please refer to AN12130 & Example S32K144 Verify Backdoor Access Key S32DS1.3. Also, chapter 5.2.1 Flash memory security from S32K1xx reference manual also explains how the FSEC field works.

3. There is also the JTAG Lock procedure on NXP S32K1xx blog from winIDEA. It is the same documentation as the S32K/G/R link you've shared, but focused on the K1 devices.

Best regards,
Julián

Re: S32K144 unlock Secure debug

Kishore_14 — Wed, 04 Feb 2026 07:26:39 GMT

Hi,

Thank you for the references provided.

We have reviewed:
- S32DS1.3 Backdoor Access Key example
- winIDEA S32K1xx JTAG Lock blog

The winIDEA blog shows how to lock S32K1xx devices using Flash Security byte (0x40C),
but we need the procedure to UNLOCK an already secured S32K1xx device via winIDEA.

The iSYSTEM unlock documentation only covers S32K3xx and S32G2xx devices with
password parameters, which are not available for S32K1xx in winIDEA.

Could you please provide:
1. The specific winIDEA procedure to unlock a secured S32K1xx device?
2. How to configure the backdoor access key method in winIDEA for S32K1xx?

Re: S32K144 unlock Secure debug

Julián_AragónM — Wed, 04 Feb 2026 22:44:56 GMT

Hi @Kishore_14,

I am not sure what is the specific procedure to unlock the S32K device through winIDEA. Since this SW is not from NXP, rather from a third-party, could you try contacting them instead? Online Help - iSYSTEM.

In order to unlock the S32K1xx, you either need to enable and enter the backdoor key or mass erase must be enabled.

The backdoor key can be used to unlock the MCU by the FTFC command only. (Unlock flash on S32K144W from firmware - NXP Community)

If you want to unlock the MCU from outside, you need to mass erase the whole chip.

I've found this post explaining the same thing, using winIDEA: Arm Cortex-M: Locked/secured device - TASKING Knowledge Base.

Best regards,
Julián

Re: S32K144 unlock Secure debug

Kishore_14 — Thu, 05 Feb 2026 10:30:35 GMT

We have an additional question regarding S32K1xx secure debug unlock:

Hardware Debugger Support:
1. S32 Debugger- Shows "Secure debugging" option in S32DS:
- "Enable secure debugging" checkbox available
- "Debugging type: Password" dropdown available
- We don't have S32 debugger hardware

2. PEMicro Debugger - No secure debugging option visible:
- We have PEMicro hardware
- No secure debugging options in S32DS interface
- We don't have PEMicro license

1. Does PEMicro debugger support S32K1xx secure debug unlock?
2. Is the secure debugging feature only available with S32 debugger hardware?
3. If PEMicro supports it, how do we enable secure debugging options for S32K1xx with PEMicro?

Re: S32K144 unlock Secure debug

Julián_AragónM — Fri, 06 Feb 2026 21:49:32 GMT

Hi @Kishore_14,

1. Does PEMicro debugger support S32K1xx secure debug unlock?

Not as far as I'm aware.

2. Is the secure debugging feature only available with S32 debugger hardware?

Secure debugging is only available for S32G/R/Z devices. You can see that selecting the S32K144 device disables the "Secure debugging" option:

3. If PEMicro supports it, how do we enable secure debugging options for S32K1xx with PEMicro?

If they support any kind of scripts, you can ask their support page: PEmicro Support Home.

However, as I've mentioned, you have two methods: backdoor key by the FTFC command or mass erase the whole chip (if mass erase is enabled).

Best regards,
Julián

Re: S32K144 unlock Secure debug

Kishore_14 — Mon, 09 Feb 2026 06:59:43 GMT

Hi Julian,

Following up on your previous response about "backdoor key by FTFC command" for S32K1xx:

1. When you mention "backdoor key by FTFC command," do you mean using the example project Example_S32K144_Verify_Backdoor_Access_Key_S32DS1.3_v2 approach with FTFC command 0x45?

2. If I'm using a different project (like a bootloader), do I need to hardcode the backdoor key unlock code into every project?

Thanks.

Re: S32K144 unlock Secure debug

Julián_AragónM — Mon, 09 Feb 2026 22:14:21 GMT

Hi @Kishore_14,

1. Yes.

2. I'm not sure if I understood the question correctly. The FSEC register is a read-only register and is loaded with the content of the flash security byte in the Flash Configuration Field located in program flash memory during the reset sequence. The configuration field holds the Backdoor comparison key as well and is configurable in startup_S32K1XX.S file.

If you are referring to loading the key through FTFC, you can create a routine which receives the key through UART, CAN, SPI, etc. (except JTAG/SWD) and loads the key, thus un-securing the device and unlocking JTAG/SWD interface as well until the next reset.

Best regards,
Julián