Setting Security for MC9S98GB60

fef · ‎06-01-2006

I am using CW IDE 5.7.0 with a PnE Multilink USB adapter, and I need to set the security bits to lock the flash. I would like to do this when the code is loaded into the processor. However, I can't figure out how to have the programmer set the security bits. Any suggestions are appreciated.

fef · ‎06-03-2006

It does seem a bit unusual that CW does not support FLASH security control, but thanks to the suggestions from Rocky, I seem to have accomplished the desired goal. However, I believe the value $40 should be used for NVOPT to disable vector redirection. Thanks for the help.

fef

peg · ‎06-03-2006

Hi,

Well, it appears RockyRoad has hit a bit of a rough patch (get it?). Still 1 out 4 is better than none!

KEYEN — Backdoor Key Mechanism Enable
When this bit is 0, the backdoor key mechanism cannot be used to disengage security. The backdoor
key mechanism is accessible only from user (secured) firmware. BDM commands cannot be used to
write key comparison values that would unlock the backdoor key. For more detailed information about
the backdoor key mechanism, refer to Section 4.5, “Security.”
1 = If user firmware writes an 8-byte value that matches the nonvolatile backdoor key
(NVBACKKEY through NVBACKKEY+7, in that order), security is temporarily disengaged
until the next MCU reset.
0 = No backdoor key access allowed.
FNORED — Vector Redirection Disable
When this bit is 1, vector redirection is disabled.
1 = Vector redirection disabled.
0 = Vector redirection enabled.
SEC01EC00 — Security State Code
This 2-bit field determines the security state of the MCU as shown in Table 4-7. When the MCU is
secure, the contents of RAM and FLASH memory cannot be accessed by instructions from any
unsecured source including the background debug interface. For more detailed information about
security, refer to Section 4.5, “Security.”
0:0   secure
0:1   secure
1:0   unsecure
1:1   secure
SEC01EC00 changes to 1:0 after successful backdoor key entry or a successful blank check of FLASH.

Regards David

Message Edited by peg on 06-04-2006 09:22 AM

RockyRoad · ‎06-01-2006

I have to correct my answer. A colleague of mine challenged my answer to this. Here's what I've learned since my previous post.

CodeWarrior and the Multilink program NVPROT to $FE (unsecured). This is how you can still see flash and debug after programming. (This should have been obvious, but I've missed it all this time.)

Some new important information that I've also learned is that since SEC01EC00 is already programmed to 1:0, then the only secure combination that you can use is 0:0. This is because this programming takes place without erasing and you can only change the 1 to a 0. (You get an Error 18 during the programming if for example you try 1:1.)

So a better example of the code fragment to include in your source code that shows actually setting security would be:

;Configure Security
ORG NVOPT ; $FFBF
DC.B $00 ; secure, no backdoor key, no vector redirection

My apologies for my incorrect original posting.

- Rocky

peg · ‎06-02-2006

Hi,

The inability to secure a device is purely a Codewarrior limitation!

It is fully supported by the Multilink and the P&E software.

If you use expert programmer mode you can do it from there.

It could be done automatically through the commandline programmer too if the facility to generate the required command in the script was provided within hiwave/codewarrior.

Regards David

RockyRoad · ‎06-01-2006

Welcome to the forum!

The erased state of the SEC01EC00 bits is secured (1:1). The only unsecure combination is 1:0. So you can just leave them alone and the flash will be secured after a reset.

CodeWarrior and the Multilink don't provide an automatic method to set security (or any of the other flash-based registers). You need to do this in your code. In assembly, I do it like this (unsecuring it in this case):

;Configure Security
ORG NVOPT ; $FFBF
DC.B $02 ; not secure

- Rocky

Setting Security for MC9S98GB60

Setting Security for MC9S98GB60

General