Can't enable security on MKL17Z256VLH4.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can't enable security on MKL17Z256VLH4.

Jump to solution
907 Views
nikolaykuzev
Contributor I

Hi!

I am using Kinetis Design Studio, with KSDK_1.3.0, debugger - Segger Base. Project uses only basic HAL - i.e. register references only, no Processor Expert and no other drivers. Finally, when firmware was ready, I wanted to secure it, but get

in a trouble.

So I modified startup_MKL17Z4.S flash configuration:s-file.jpg

Ending was default: FE - 0xFE (Backdoor key access disabled, Mass erase is enabled, NXP factory access granted, MCU security status is unsecure). So just want to set SEC b00 - MCU security status is secure.

So got this:

 Untitled-1.jpg

I loocked over here and found about two similar posts, and answer seems to be clear.

We are developing code for about a year, and through all this time I used to upload firmware through debug mode,

so simply catched my own tail: I wanted to lock MCU and start debug.

So I opened Flash from File and ....confused, this is the same as debug template, and certainly, result is the same.

I tried different combinations of FSLACC-SEC then: in some combination(don't remember exact) alert disappeared.

Then I added some code to check FTFA_FSEC register, just print it to PC terminal over RS-232 (wires connection available on our device housing), certainly, no security state again. FTFA_FSEC [1:0] is always b10.

I am new at Kinetis MCU-s, so really sorry... please explain me step by step how to upload secure firmware.

What is exactly to be done: .... crate new target.... etc.Flash.jpg

0 Kudos
1 Solution
527 Views
nikolaykuzev
Contributor I

Hi, Alice!

Thank you for a detailed reply, I think it will help other people.

I have no PEmicro debugger, it's only about $150, but my local shipping is 3 weeks(

But I solved the problem:

I thought of generating a binary file and found this post:

How to convert .elf files to .Sxx or .Bin files

Grate thanks to ZhangJennie for his video!

1) In "native" project properties->C/C++ Build->Settings->Toolchains(tab)

   Enable flash image generation and apply.

   Flash.jpg

2) In previous tab (Note! SDK different from video)

   Enable hex and Berkley(default for me) format, apply.

General.jpg

3) Then simply Build or Debug.

   If debug, the alert will appear again but anyway .hex will be generated properly.

So here is our .hex now.

Untitled-3.bmp

4) Open J-Flash lite utility:

Progs.jpg

Untitled-5.jpg

4) Select our target device (Important, certainly - allow security)

Untitled-7.jpg

5) Then again OK:

Untitled-8.jpg

6) Next window - select our .hex file.

Untitled-9.jpg

7) Program device.

Untitled-10.jpg

So now FTFA_FSEC regiser replies:

Untitled-11.jpg

FTFA_FSEC [1:0] - 00 first secured optional from (b00, b01, b11) - as ordered.

I repeated flash program and got the prove:

Untitled-12.jpg

I Think now all is really OK.

PS: After Mass Erase and reprogram previously secure device, unit was hanging.

       Just reboot in this case, firmware is actual and security enabled. Terminal replies - true.

View solution in original post

0 Kudos
2 Replies
527 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello Nikolay,

Could you use the P&E debug , I test on KDSv3.0 with P&E debug , it can flash the code with enable security .

The steps as below :

- Create a new project on KDS based on your chip, for example named Project1, build.

-Click the Flash buttonpastedImage_1.png, in the " C/C++ Application " field , choose the .elf file or your original project (not the Project1) , then click "Flash" button.

pastedImage_2.png

- Click "No" when it shows up the below at two times :

pastedImage_5.png

- Then if it shows up the below , please choose the close icon :

pastedImage_6.png

- Waiting for the debugger crash, re-power your board, it can run well with security, you can use the UART sending

FTFA_FSEC data to teminal  . 

pastedImage_8.png

Hope it helps


Have a great day,
TIC

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

528 Views
nikolaykuzev
Contributor I

Hi, Alice!

Thank you for a detailed reply, I think it will help other people.

I have no PEmicro debugger, it's only about $150, but my local shipping is 3 weeks(

But I solved the problem:

I thought of generating a binary file and found this post:

How to convert .elf files to .Sxx or .Bin files

Grate thanks to ZhangJennie for his video!

1) In "native" project properties->C/C++ Build->Settings->Toolchains(tab)

   Enable flash image generation and apply.

   Flash.jpg

2) In previous tab (Note! SDK different from video)

   Enable hex and Berkley(default for me) format, apply.

General.jpg

3) Then simply Build or Debug.

   If debug, the alert will appear again but anyway .hex will be generated properly.

So here is our .hex now.

Untitled-3.bmp

4) Open J-Flash lite utility:

Progs.jpg

Untitled-5.jpg

4) Select our target device (Important, certainly - allow security)

Untitled-7.jpg

5) Then again OK:

Untitled-8.jpg

6) Next window - select our .hex file.

Untitled-9.jpg

7) Program device.

Untitled-10.jpg

So now FTFA_FSEC regiser replies:

Untitled-11.jpg

FTFA_FSEC [1:0] - 00 first secured optional from (b00, b01, b11) - as ordered.

I repeated flash program and got the prove:

Untitled-12.jpg

I Think now all is really OK.

PS: After Mass Erase and reprogram previously secure device, unit was hanging.

       Just reboot in this case, firmware is actual and security enabled. Terminal replies - true.

0 Kudos