How to program the first 40KB by program

jake111 · ‎01-12-2023

My program consists of bootloader(0~0xA000) and the program starts from 0xA000.

The bootloader is used to update the firmware,but sometimes I want to update the bootloader firmware by the program after 0xA000.

But an error occurs when I call FLASH_ERASE(&flashstate, 0, 0xA000, Key) and flash protection bytes(0x400-0x40F) are set.It seems the first serveral sectors are not allowed to erase.How can I program bootloader?

FLASH_GetSecurityState() always return unsecure,it doesn't seem to be a secure issue?

Miguel04 · ‎01-13-2023

Hi @jake111

I recommend you to read Application Note AN2295: Developer's Serial Bootloader. This document has a lot of information about modifying the memory.

Let me know if you have another question.

Best Regards, Miguel.

jake111 · ‎01-13-2023

Thanks.

I want to test the backdoor key,and I've modified the flash configuiration in startup_MK64F12.s as below

__FlashConfig
    DCD 0xAAAAAAAA     /* 8 bytes backdoor comparison key           */
    DCD 0xAAAAAAAA     /*                                           */
    DCD 0xFFFFFFFF     /* 4 bytes program flash protection bytes    */
    DCD 0xFFFF7FBF     /* FDPROT:FEPROT:FOPT:FSEC(0xBF = secure)    */
__FlashConfig_End

but FLASH_GetSecurityState() always return unsecure,any step that I've missed?

Miguel04 · ‎01-20-2023

Hi @jake111

I've found this information that could help you:

1. Chapter 29.4.13.3 on the K64 reference manual mentions how to unsecure the mcu using a backdoor key.

2. On the Kinetis SDK v.2.0 API Reference Manual, chapter 19.5.11 there is a function called FLASH_SecurityBypass, also on MCU Bootloader v2.5.0 Reference Manual 9.4.7 there is more information of this function.

Let me know if you found this usefull, I'll be looking for more information.

Best Regards, Miguel.