ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Use removed MK20 part from freedom board

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

Use removed MK20 part from freedom board

ソリューションへジャンプ
‎10-29-2012 02:39 PM
7,437件の閲覧回数
mjg8t
Contributor IV

Hello,

I have been working with some MK20DX128VFM5 samples that I received from freescale.  I now have a designed PCB that I would like to build, but do not have any more parts.  I thought I could order a couple of freedom boards, pull of the mk20 and use them on my board, but they seemed to be lock and or secured. 

I have tried to connect to them with my J-link and through codewarrior.  I have used J-link commander to try and get a direct conection, but the chips are not responding. 

Does anyone know what state these chips may be in?  Is there anything that I can do to make them usable?  I sure wish we get some of these parts from mouser digikey, hopefully soon.

Thanks.

0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎11-08-2012 09:00 AM
5,829件の閲覧回数
BlackNight
NXP Employee
NXP Employee

If the device has security plus mass erase disabled, it means game over:

How (not) to Secure my Microcontroller | MCU on Eclipse

Unless you know the back door mechanism which has been implemented by the OpenSDA producer?

See as well the KL25Z Reference manual (KL25P80M48SF0RM.pdf), search for MEEN

page 153, chapter 9.3.1:

When mass erase is disabled (via MEEN and SEC settings), the erase

request does not occur and the Flash Mass Erase in Progress bit

continues to assert until the next system reset.

page 428, FTFA_FSEC:

Mass Erase Enable Bits

Enables and disables mass erase capability of the flash memory module. The state of the MEEN bits is

only relevant when the SEC bits are set to secure outside of NVM Normal Mode. When the SEC field is

set to unsecure, the MEEN setting does not matter.

Chapter 8:Security, page 149

In the unsecured state all flash commands are available on the programming interfaces

either from the debug port (SWD) or user code execution. When the flash is secured

(FSEC[SEC] = 00, 01, or 11), the programmer interfaces are only allowed to launch mass

erase operations. Additionally, in this mode, the debug port has no access to memory

locations.


Hope this helps,
Erich

元の投稿で解決策を見る

0 件の賞賛
返信
11 返答(返信)

ソリューションへジャンプ
‎07-17-2016 07:31 AM
5,829件の閲覧回数
prtronicsyslda
Contributor I

Hello everyone,

I have a FRDM KL25Z  board but could not flash the MK20 (with segger SWD) because to be protected, I bought the IC MK20DX128VFM5 and replace on the board. The objective is to again take again the functional board, then build a robot with debugger on board. (simulate frdm kl25z)

My question is: Where can I get the Bootloader MSD to unload with segger? I already used the segger "12_OpenSDA_FRDM-KL25Z" by https://www.segger.com/downloads/jlink but the MK20 does not work after scheduled. Ie the PC should recognize right?

My circuit hi level is:  PC    ->   Segger ->   J8 (SWD)  FRDMKL25Z 

Please help me.

Thank you Pedro Santos

0 件の賞賛
返信

ソリューションへジャンプ
‎10-30-2012 12:42 PM
5,826件の閲覧回数
apanecatl
Senior Contributor II

That is correct the K20's mcu's are secured and the mass erase disabled feature is on, as you suggest is for security reasons, the only way to erase them is using a J-link programmer + J link commander (sw tool).

You can find the J link commander in the following link:

http://www.segger.com/jlink-software.html

I attached a video of how do the mass erase, it takes just a couple of seconds; however, we don;t recommend you remove the mcu's from the freedom board since you will render the board unusable and might damage the microcontroller in the removal process.

ファイルをプレビュー
139 KB
0 件の賞賛
返信

ソリューションへジャンプ
‎11-07-2012 08:25 AM
5,826件の閲覧回数
qiaoy
Contributor I

I knew how to unsecure the kinetis with jlink..

But the issue for me is that I can't access the k20 on freedom board via JTAG/SWD.

0 件の賞賛
返信

ソリューションへジャンプ
‎11-08-2012 04:54 PM
5,826件の閲覧回数
pgo
Senior Contributor V

Hi Yu,

Not directly related to the un-securing the device but I noticed that accessing the K20 on the FRDM-KL25 board using the SWD connector may have problems unrelated to the security.

I found it necessary to supply power to the board independently through the USB connector to access the chip at all.  Supplying power via the SWD wasn't sufficient.

I then connected to the device while reset was asserted which ensures that the software on the device did not disable the SWD function on the chip pins etc.

The above may be the reason for the difficulty in connecting at all.

I then read the MDM-AP.Status register which contains 0x00000016.  This confirmed that it was secured with mass erase and backdoor access disabled.

bye

0 件の賞賛
返信

ソリューションへジャンプ
‎11-08-2012 08:20 AM
5,826件の閲覧回数
mjg8t
Contributor IV

So, can someone give evidence that the device can or cannot be accessed after being "secured and the mass erase disabled".  I don't think that by someone stating that it can or can't without being able to refer to some documentation stating the case is considered an answer. 

So what where lies the answer?

I am having the same problem as Yu Qiao in that the device will not respond.

0 件の賞賛
返信

ソリューションへジャンプ
‎11-08-2012 09:00 AM
5,830件の閲覧回数
BlackNight
NXP Employee
NXP Employee

If the device has security plus mass erase disabled, it means game over:

How (not) to Secure my Microcontroller | MCU on Eclipse

Unless you know the back door mechanism which has been implemented by the OpenSDA producer?

See as well the KL25Z Reference manual (KL25P80M48SF0RM.pdf), search for MEEN

page 153, chapter 9.3.1:

When mass erase is disabled (via MEEN and SEC settings), the erase

request does not occur and the Flash Mass Erase in Progress bit

continues to assert until the next system reset.

page 428, FTFA_FSEC:

Mass Erase Enable Bits

Enables and disables mass erase capability of the flash memory module. The state of the MEEN bits is

only relevant when the SEC bits are set to secure outside of NVM Normal Mode. When the SEC field is

set to unsecure, the MEEN setting does not matter.

Chapter 8:Security, page 149

In the unsecured state all flash commands are available on the programming interfaces

either from the debug port (SWD) or user code execution. When the flash is secured

(FSEC[SEC] = 00, 01, or 11), the programmer interfaces are only allowed to launch mass

erase operations. Additionally, in this mode, the debug port has no access to memory

locations.


Hope this helps,
Erich

0 件の賞賛
返信

ソリューションへジャンプ
‎11-08-2012 09:15 AM
5,826件の閲覧回数
mjg8t
Contributor IV

Hi Erich,

Thanks for the comprehensive information!   Off to patiently waiting for the smaller parts to trickle into the distributors.

Thanks.

0 件の賞賛
返信

ソリューションへジャンプ
‎11-06-2012 10:46 PM
5,826件の閲覧回数
rogerzhong
Contributor III

Agree with pgo. The device can never be accessed from any external sources, including the J-link, if the device is both secured and the mass erase disabled through FSEC.

0 件の賞賛
返信

ソリューションへジャンプ
‎11-07-2012 11:55 PM
5,826件の閲覧回数
oliverzhang
Contributor I

Hi Roger, Boss is calling you.

0 件の賞賛
返信

ソリューションへジャンプ
‎10-31-2012 05:59 PM
5,826件の閲覧回数
pgo
Senior Contributor V

Hi Pedro,

Can you explain how the JLINK is able to erase the device?  I had though that it was impossible to do this if the device is both secured and mass erase disabled.  I am interested in a reference to some documentation that explains the method.  Not just JLINK commands to use but the underlying method available on the chip.

bye

0 件の賞賛
返信

ソリューションへジャンプ
‎10-29-2012 08:27 PM
5,826件の閲覧回数
pgo
Senior Contributor V

Hi,

I had a look at the MK20s on the Freedom boards I have.  They are secured and have the mass erase disabled.

This means they cannot be re-programmed except by the on-chip software.

I'm unsure why they would need to be in such a state except for security reasons.

bye

0 件の賞賛
返信