- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- Identification and Security
- i.MX Processors
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- CodeWarrior
- Wireless Connectivity
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
-
- Home
- :
- 通用微控制器
- :
- Kinetis微控制器
- :
- Re: Use removed MK20 part from freedom board
Use removed MK20 part from freedom board
Hello,
I have been working with some MK20DX128VFM5 samples that I received from freescale. I now have a designed PCB that I would like to build, but do not have any more parts. I thought I could order a couple of freedom boards, pull of the mk20 and use them on my board, but they seemed to be lock and or secured.
I have tried to connect to them with my J-link and through codewarrior. I have used J-link commander to try and get a direct conection, but the chips are not responding.
Does anyone know what state these chips may be in? Is there anything that I can do to make them usable? I sure wish we get some of these parts from mouser digikey, hopefully soon.
Thanks.
已解决! 转到解答。
BlackNight
If the device has security plus mass erase disabled, it means game over:
How (not) to Secure my Microcontroller | MCU on Eclipse
Unless you know the back door mechanism which has been implemented by the OpenSDA producer?
See as well the KL25Z Reference manual (KL25P80M48SF0RM.pdf), search for MEEN
page 153, chapter 9.3.1:
When mass erase is disabled (via MEEN and SEC settings), the erase
request does not occur and the Flash Mass Erase in Progress bit
continues to assert until the next system reset.
page 428, FTFA_FSEC:
Mass Erase Enable Bits
Enables and disables mass erase capability of the flash memory module. The state of the MEEN bits is
only relevant when the SEC bits are set to secure outside of NVM Normal Mode. When the SEC field is
set to unsecure, the MEEN setting does not matter.
Chapter 8:Security, page 149
In the unsecured state all flash commands are available on the programming interfaces
either from the debug port (SWD) or user code execution. When the flash is secured
(FSEC[SEC] = 00, 01, or 11), the programmer interfaces are only allowed to launch mass
erase operations. Additionally, in this mode, the debug port has no access to memory
locations.
Hope this helps,
Erich
Hello everyone,
I have a FRDM KL25Z board but could not flash the MK20 (with segger SWD) because to be protected, I bought the IC MK20DX128VFM5 and replace on the board. The objective is to again take again the functional board, then build a robot with debugger on board. (simulate frdm kl25z)
My question is: Where can I get the Bootloader MSD to unload with segger? I already used the segger "12_OpenSDA_FRDM-KL25Z" by https://www.segger.com/downloads/jlink but the MK20 does not work after scheduled. Ie the PC should recognize right?
My circuit hi level is: PC -> Segger -> J8 (SWD) FRDMKL25Z
Please help me.
Thank you Pedro Santos
That is correct the K20's mcu's are secured and the mass erase disabled feature is on, as you suggest is for security reasons, the only way to erase them is using a J-link programmer + J link commander (sw tool).
You can find the J link commander in the following link:
http://www.segger.com/jlink-software.html
I attached a video of how do the mass erase, it takes just a couple of seconds; however, we don;t recommend you remove the mcu's from the freedom board since you will render the board unusable and might damage the microcontroller in the removal process.
Hi Yu,
Not directly related to the un-securing the device but I noticed that accessing the K20 on the FRDM-KL25 board using the SWD connector may have problems unrelated to the security.
I found it necessary to supply power to the board independently through the USB connector to access the chip at all. Supplying power via the SWD wasn't sufficient.
I then connected to the device while reset was asserted which ensures that the software on the device did not disable the SWD function on the chip pins etc.
The above may be the reason for the difficulty in connecting at all.
I then read the MDM-AP.Status register which contains 0x00000016. This confirmed that it was secured with mass erase and backdoor access disabled.
bye
So, can someone give evidence that the device can or cannot be accessed after being "secured and the mass erase disabled". I don't think that by someone stating that it can or can't without being able to refer to some documentation stating the case is considered an answer.
So what where lies the answer?
I am having the same problem as Yu Qiao in that the device will not respond.
BlackNight
If the device has security plus mass erase disabled, it means game over:
How (not) to Secure my Microcontroller | MCU on Eclipse
Unless you know the back door mechanism which has been implemented by the OpenSDA producer?
See as well the KL25Z Reference manual (KL25P80M48SF0RM.pdf), search for MEEN
page 153, chapter 9.3.1:
When mass erase is disabled (via MEEN and SEC settings), the erase
request does not occur and the Flash Mass Erase in Progress bit
continues to assert until the next system reset.
page 428, FTFA_FSEC:
Mass Erase Enable Bits
Enables and disables mass erase capability of the flash memory module. The state of the MEEN bits is
only relevant when the SEC bits are set to secure outside of NVM Normal Mode. When the SEC field is
set to unsecure, the MEEN setting does not matter.
Chapter 8:Security, page 149
In the unsecured state all flash commands are available on the programming interfaces
either from the debug port (SWD) or user code execution. When the flash is secured
(FSEC[SEC] = 00, 01, or 11), the programmer interfaces are only allowed to launch mass
erase operations. Additionally, in this mode, the debug port has no access to memory
locations.
Hope this helps,
Erich
Hi Pedro,
Can you explain how the JLINK is able to erase the device? I had though that it was impossible to do this if the device is both secured and mass erase disabled. I am interested in a reference to some documentation that explains the method. Not just JLINK commands to use but the underlying method available on the chip.
bye
Hi,
I had a look at the MK20s on the Freedom boards I have. They are secured and have the mass erase disabled.
This means they cannot be re-programmed except by the on-chip software.
I'm unsure why they would need to be in such a state except for security reasons.
bye
