帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Unsecuring the MCU from Backdoor key to unprotect the Flash

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Unsecuring the MCU from Backdoor key to unprotect the Flash

‎02-15-2021 06:58 AM
1,527 次查看
venkataddagatla
Contributor II
Hi,
I have enabled the Backdoor key to unsecured the flash and I have set the flash configuration, as mentioned below.
(void(*)(void)) 0xAAAAAAAA, /* 0x400 Backdoor Comparison Key */
(void(*)(void)) 0xAAAAAAAA, /* 0x404 Backdoor Comparison Key */
(void(*)(void)) 0xFFFFFFFF, /* 0x408 FPROT */
(void(*)(void)) 0xFFFFFFBD /* 0x40c FSEC, FOPT, FEPROT, FDPROT */
 
This was added in the vector table after the end of ISRs. This is part of the Bootloader code.
So, to un-secure the MCU, I am running a backdoor key from the Application, not from the Bootloader code.
The code mentioned below, which is running from Application on keypress.
while((FTFE_BASE_PTR->FSTAT & FTFE_FSTAT_CCIF_MASK) == 0); // wait if operation in progress
FTFE_BASE_PTR->FSTAT = FTFE_FSTAT_ACCERR_MASK | FTFE_FSTAT_FPVIOL_MASK; // clear flags

FTFE_BASE_PTR->FCCOB3 = 0x45;
FTFE_BASE_PTR->FCCOB7 = 0xAA;
FTFE_BASE_PTR->FCCOB6 = 0xAA;
FTFE_BASE_PTR->FCCOB5 = 0xAA;
FTFE_BASE_PTR->FCCOB4 = 0xAA;
FTFE_BASE_PTR->FCCOBB = 0xAA;
FTFE_BASE_PTR->FCCOBA = 0xAA;
FTFE_BASE_PTR->FCCOB9 = 0xAA;
FTFE_BASE_PTR->FCCOB8 = 0xAA;
FTFE_BASE_PTR->FSTAT = FTFE_FSTAT_CCIF_MASK; // launch command
while((FTFE_BASE_PTR->FSTAT & FTFE_FSTAT_CCIF_MASK) == 0); // wait until complete
 
I am printing the status register before and after running the backdoor command, but the FSEC register
does not have any change, it always has the same value
Here, how to verify the Backdoor key is worked or not.
And also one more question, in MEEN bits in FSEC, if we make Mass erase disabled, is it possible to unlock the flash from the Backdoor key.
Because I have tried with this, I didn't succeed, I end up locking my MCU.
 
0 项奖励
回复
3 回复数

‎02-18-2021 06:07 PM
1,513 次查看
Alexis_A
NXP TechSupport
NXP TechSupport

Hello @venkataddagatla,

In the SDK, there's a function called FTFx_CMD_SecurityBypass in the fsl_ftfx_controller.c, you can check this driver in the pflash example.

Best Regards,

Alexis Andalon

0 项奖励
回复

‎02-23-2021 06:18 AM
1,494 次查看
venkataddagatla
Contributor II

HI,

Thanks for  the reply.

I have downloaded SDK for K64 since I  didn't get for K61 as we are using the same for our project.

I still did not get the piece of logic based on Backdoor key acceptance , the Flash is unsecure.

 

Please find the snippet  which found in Pflash from SDK

    /* Print security status. */
    switch (securityStatus)
    {
        case kFLASH_SecurityStateNotSecure:
            PRINTF("\r\n Flash is UNSECURE!");
            break;
        case kFLASH_SecurityStateBackdoorEnabled:
            PRINTF("\r\n Flash is SECURE, BACKDOOR is ENABLED!");
            break;
        case kFLASH_SecurityStateBackdoorDisabled:
            PRINTF("\r\n Flash is SECURE, BACKDOOR is DISABLED!");
            break;
        default:
            break;
    }
    PRINTF("\r\n");
    /* Test pflash basic opeation only if flash is unsecure. */
    if (kFLASH_SecurityStateNotSecure == securityStatus)
    {
        /* Debug message for user. */
        /* Erase several sectors on upper pflash block where there is no code */
        PRINTF("\r\n Erase a sector of flash");

 

Here  actually i need based on key acceptance how can we make flash unsecure and it can be ready for mass erase.

 

0 项奖励
回复

‎02-23-2021 05:08 PM
1,488 次查看
Alexis_A
NXP TechSupport
NXP TechSupport

Hello @venkataddagatla,

The example by itself doesn't implement the enablement of the backdoor key. The API in the example FLASH_GetSecurityState checks if the backdoor key is active in case the debugger writes the key.

To enable the key you need to check the FLASH_SecurityBypassin the fsl_ftfx_flash driver.

Best Regards,

Alexis Andalon

 

0 项奖励
回复