K22F Flash Security

whata · ‎09-07-2020

Hi,

I have a K22F device which contains :

loader application at offset 0x00

primary application at offset x

secondary application at offset y

Default startup file provided by mcuxpresso contains Flash configuration block of four words which is placed at relative offset of 0x400 and contains Backdoor key/Program protection adn Fsec settings.

I wan to secure the device according to the following settings:

- Backdoor Key disabled
- Mass Erase disabled
- Freescale factory access is denied
- Flash security is enabled ( Jtag/Swd is disabled )

This implies that FSEC needs to be set to 0xC4. So as far as I understand flash configuration in the startup file needs to be modified to:

__attribute__ ((used,section(".FlashConfig"))) const struct {
    unsigned int word1;
    unsigned int word2;
    unsigned int word3;
    unsigned int word4;
} Flash_Config = {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFC4};

What I do not understand is if these settings needs to be applied to x+400 and y+400 too or only to loader part of flash region 0+400? My reasoning is as follows:

1. MCU goes out of reset and Flash Security is configured according to settings stored at 0x00+0x400

2. Loader application jumps to application at offset x or y depending on configuration

3. Flash Security is reconfigured according to settings stored at x+400 or y+400?

My primary objective is to disable access to device (flash-dump, swd/jtag access)

nxf58904 · ‎09-08-2020

Hi，

Because the fopt was loaded by core, and the core will load it to flash when flash initializing.After reset ,the processor will not load fopt ,it set up PC ,stack,LR for running application.

As you said , the x and y's FOPT will be ignored .

Jianyu:

Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

nxf58904 · ‎09-08-2020

Hi，

Because the fopt was loaded by core, and the core will load it to flash when flash initializing.After reset ,the processor will not load fopt ,it set up PC ,stack,LR for running application.

As you said , the x and y's FOPT will be ignored .

Jianyu:

Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

whata · ‎09-07-2020

TIC,

Thanks for prompt reply. But what happens exactly after jump to x or y application, they do contain FOPT bytes at their relative offset of 400. Are they simply ignored?

nxf58904 · ‎09-07-2020

Hi,

As the follow picture shows,the Flash configure area (FOPT) was loaded on reset.

You have a loader application, X and Y applications in flash,but you should only set FOPT at 0x0+0x400(loader application).

Jianyu:

Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

K22F Flash Security

K22F Flash Security

Kinetis K Series MCUs