Kinetis Security - Backdoor usage - Please explain

JHinkle · ‎11-28-2016

I currently have a K64 which uses a bootloader and Application.

The K64 has security enabled but allows bulk erase and NXP access.

In another post, I noted a glitch in the VCC line has caused the App to hardfault and NOT recover after a reset or power cycle.

My only recourse, as I see it is to bulk erase, reflash with a debugger, and hope it faults again so I can understand what issue the VCC glitch caused.

Moving forward, I would like to be able to debug the faulted application - even with security set.

I understand that my app, prior to faulting, can use the backdoor key and release security temporarily. If I do this, will I be able to attach a debugger to the target (jlink + Crossworks) and step thru the application or break when the hardfault occurs?

Thanks.

Joe

Hui_Ma · ‎11-28-2016

Hi

There is an useful application note AN4507 about Kinetis product security.

When using the debugger connect the K64 chip, which will reset the K64 and caused the K64 be re-secured again. Then debugger tool could not connect with K64 chip.

So, customer need to modify the Flash address 0x40C with unsecure value (0xFE) in backdoor key access application/firmware.

Wish it helps.

Have a great day,
Ma Hui
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------