AN4235 mentions secure storage of encryption keys in the MPC564 via the CSE (Crytpographic Services Engine). Does the Kinetis have any such write-only storage that could be used to securely store AES encryption keys for use with the CAU (Cryptographic Acceleration Unit)?
It seems counterintuitive to encrypt when the keys can simply be read from flash...
Setting certain bitfields at 0x0_040C will prevent the chip's flash from being read by debug devices Look for the Flash Security register FSEC. This data is also mirror in the register FTFL_FSEC. This will effect the entire flash of the chip, but this is good practice if there are security concerns.