Is enabled security and disabling Mass Erase enough to protect Kinetis K63 based devices from unauthorized access?

cancel
Showing results for 
Search instead for 
Did you mean: 

Is enabled security and disabling Mass Erase enough to protect Kinetis K63 based devices from unauthorized access?

Jump to solution
455 Views
yash_bhatt1
Contributor III

Hi,

We are developing a product using Kinetis K63. As the security is of paramount importance for the application, we
want to make sure that once the product is deployed in field it can not be accessed by anyone unauthorized.

We came across an application note (AN4507) and understood that to secure a device we should set the FSEC[0:1] to 00 (or 01 or 11)
and to make sure that even mass erase does not grant unauthorized access, we should set FSEC[5:4] to 10.

Taking these into consideration the value for FSEC will become 0xB4. If we program 0xB4 value in the flash configuration
(byte at address 0x40C) we should be able to achive a robust security for our device.

Is our understanding here correct? If we are missing any other area of vulnerablity please bring that to our notice.

Also, we did perform testing with the FRDM-K64 but to prevent accidental loss of device we have not disabled mass erase
making the FSEC value 0XBC. We saw that with this value we are unable to enter debug mode using MCUXpresso debug. But
we are concerned that from logs we see that the debugger is able to flash the board but as the image contains 0xBC as the value
for FSEC, debug mode is not enabled. Apart from that we see the text "Part is not secured" in the logs. Does that mean the device
is not secured (inspite of setting the FSEC[0:1] to 00?
Attaching logs for your reference (while debugging with image having 0xBC at 0x40C flash address)

Regards,
Yash Bhatt

Labels (1)
0 Kudos
1 Solution
376 Views
nxf58904
NXP TechSupport
NXP TechSupport

Hi,

It is very helpful to launch a security .

Your operation is very suitable.

When you disable the mass erase , debugger will have no access to the flash,even read ,program,erase,and the code will be protect and the chip will under a strong protection .

Jianyu: 

Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

2 Replies
376 Views
nxf58904
NXP TechSupport
NXP TechSupport

Hi,

And Attention: After disable mass erase,it will be hard to reprogram the chip.

Jianyu: 

Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

377 Views
nxf58904
NXP TechSupport
NXP TechSupport

Hi,

It is very helpful to launch a security .

Your operation is very suitable.

When you disable the mass erase , debugger will have no access to the flash,even read ,program,erase,and the code will be protect and the chip will under a strong protection .

Jianyu: 

Have a great day,
TIC

 

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

 

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post