[k20d50m]: secured device needs unlocked

cancel
Showing results for 
Search instead for 
Did you mean: 

[k20d50m]: secured device needs unlocked

Jump to solution
1,168 Views
huishao2
Contributor IV

Hi-

Secured MCUs can't be JTAG'd anymore.

My debugging environment:

IAR 7.20 and I-jet debugger

Two MCUs got secured by different ways accidentally. For first one, when I tried to erased partitioned EEPROM using "Erase All Blocks Command (0x44)" from my firmware code, the device is secured and I can't JTAG it anymore. For second one, when I followed application notes AN4695.pdf and changed my linker file, the device got secured eventually after a few times of successful downloading.

What I did:

I followed https://community.freescale.com/thread/311660, but don't know how to change FSEC to 0xFE without JTAG access.

I tried Kinetis_unlock_swd.bat that is part of IAR, but got:

C:\Program Files (x86)\IAR Systems\Embedded Workbench 7.0\arm\bin\jet\bin>Kinetis_unlock_swd.bat

C:\Program Files (x86)\IAR Systems\Embedded Workbench 7.0\arm\bin\jet\bin>SigFlashCmd.exe -cpu M3SWD -nocpu -flash Kinet
is,massErase
SigFlashCmd Version 1.24 (C) Signum Systems Corp. 2006-2014
SigFlashCmd.exe -cpu M3SWD -nocpu -flash Kinetis,massErase
Starting ...
OK - Connected to the emulator ...
OK - Emulation configured using C:\Program Files (x86)\IAR Systems\Embedded Workbench 7.0\arm\bin\jet\bin\M3SWD.par file
...
OK - Connected to the CPU ...

ERROR: Cannot get initial CPU status: Unsupported SCS CPUID 0x20202020.

ERROR: Cannot get initial CPU status: Unsupported SCS CPUID 0x20202020.
The device is secure. Debug access to the system is locked.
The device can be unlocked by mass erase.
Waiting for mass erase to finish ...
Mass erase finished.
Mass Erase operation was successful
OK - Flash programming finished ...
OK - Exiting ...
OK - Done

I also tried Project->Download->Erase memory for IAR GUI, it doesn't help at all.

Seems like the threads in community are suggesting to use J-Link. Is there a solution with I-jet to revive the secured MCUs?

Thanks!

Hui

1 Solution
367 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Hui shao,

    About your question, just like what we communicated in the inbox.

    Your secure is caused by the 0X44 command in your __ramfunc int partition_flash(int eeprom_size, int dflash_size).

    The data in flash address 0x40c changed from 0XFE to 0xFF after you do 0X44 command.

    If you just want to erase the flash partition, I suggest you use the debugger tool to do mass erase, you shouldn't do the 0x44 command in your flash code, except you put all your code in your ram, and run in RAM.

    Now what you need is find a debugger tool to do mass erase to your chip,  I am not sure your IAR/I-jet can do mass erase, you should check this function with IAR support centor.

  Or you can choose another debugger , eg Jlink ,opensda to unsecure it.

Wish it helps you!

If you still have question, please let me know!


Have a great day,
Jingjing

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

View solution in original post

2 Replies
368 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Hui shao,

    About your question, just like what we communicated in the inbox.

    Your secure is caused by the 0X44 command in your __ramfunc int partition_flash(int eeprom_size, int dflash_size).

    The data in flash address 0x40c changed from 0XFE to 0xFF after you do 0X44 command.

    If you just want to erase the flash partition, I suggest you use the debugger tool to do mass erase, you shouldn't do the 0x44 command in your flash code, except you put all your code in your ram, and run in RAM.

    Now what you need is find a debugger tool to do mass erase to your chip,  I am not sure your IAR/I-jet can do mass erase, you should check this function with IAR support centor.

  Or you can choose another debugger , eg Jlink ,opensda to unsecure it.

Wish it helps you!

If you still have question, please let me know!


Have a great day,
Jingjing

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

View solution in original post

367 Views
huishao2
Contributor IV

Thanks!

Hui

0 Kudos