- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- Home
- :
- General Purpose Microcontrollers
- :
- Kinetis Microcontrollers
- :
- Re: Disabling the Debug access in K22
Disabling the Debug access in K22
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Disabling the Debug access in K22
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am using a custom board with MK22FX512AVLQ12 controller. I want to disable the access of debug port/ debug lines once I have flashed the code but I should be able to update the firmware later through bootloader.
From the reference manual of the controller I found that, writes to flash can be disabled by setting the flash security bits. But even after setting the security bits flash can be mass erased to make it unsecure. So I'll have to disable the mass erase command as well (please find relevant screenshots attached). Doing this will effectively make the controller one time programmable.
But my requirement is that, I should be able to update the program in flash by bootloader method(sending the application code on serial data lines), only the access to actual debug port of the controller should be disabled. Is this possible for this controller? If so, how it can be done?
Thanks & Regards,
Vaibhavi P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vaibhavi_padwal ,
The flash protection has basically the function that if the part is secured, and if the mass flash erase is still enabled, you can use the debugger to recover the device with a mass erase (see https://mcuoneclipse.com/2012/11/04/how-not-to-secure-my-microcontroller/ and https://mcuoneclipse.com/2014/06/22/preventing-reverse-engineering-enabling-flash-security/ ).
You still are able to perform flash page erase and programming from your application or bootloader.
Now one way to disable the debugger access further is to disable/re-mux the SWD/JTAG pins right after reset, including disabling the reset line.
However, this leaves a very small window open for a power glitch attack (see https://mcuoneclipse.com/2021/05/20/recovering-cortex-m-microcontroller-with-a-power-glitch/ ).
I hope this helps,
Erich
I hope this helps,
Erich
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ErichStyger,
As I have understood from the articles you suggested, the best possible way to secure my device from unauthorized debug access is to enable Flash security (SEC bits) and disable the Mass Erase Access (MEEN bits).
In the article you mention
" Every microcontroller has some specific bits and settings which need to be set, and different ways how to implement a back door to regain access. Typically it is best if the backdoor is implemented through another hidden channel, e.g. with an encrypted password sent over USB or RS-232."
Does implementing backdoor means using the Backdoor key access feature of the controller? Or I can use any other method which I'll define in my bootloader?
Also implementing a backdoor to regain access, for e.g. using encrypted password, means that if I receive the password correctly through RS232 should I make the flash unsecure and then Program the application code? or I can program the code with unsecuring the flash?
Thanks & Regards,
Vaibhavi P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vaibhavi_padwal ,
I recommend that you check the K22FX reference manual (search for 'backdoor' in the PDF).
Additionally search for the AN4507 (Using the Kinetis Security andFlash Protection Features) which has lots of good information on that topic.
(your internet search engine is your friend
I hope this helps,
Erich
