A recent post brought up a good point that I replied to just now.kms, #kinetismotorsuite.
I wanted for create a document to address the issues he faced, the idea of a ROM and to give a little information about KMS at NXP.
A ROM would be ideal for this application. However, NXP had developed the MCUs prior to the availablity of the KMS library and the MCUs did not include a ROM
The IP we used:
NXP has implemented IP in the MCU (MCU features) that enable customer to use secured code, marked as execute only.
The feature on the MCUs that enable this option is call flash access protection (FAC).
Any code placed in the flash can be protected from being read through any means by setting the Flash access control bits.
The NXP system architects chose to offer the KV series that had FAC with the option of using KMS.
Mass Erase Protection: Please see the MKV RM for more information on these features!
With the introduction of KMS we saw the need to protect the MCU flash from mass erase and made some IP improvements to enable this.
The KV series MCUs shipped after ww14 of 2016 have an added feature to prevent mass erase of the flash even when the MCU is not-secured.
This means that the FSEC bits in the FPROT registers of the flash don't come into play when the MCU is enabling or disabling mass erase.
The MEEN bits in the FSEC register can be set to 'b10, thus preventing the mass erase of the MCU's flash.
CAUTION: As always when you secure the MCU and disable Mass Erase, the MCU flash is locked down and cannot be accessed. The only way you can get back into the flash is to enabled another flash option called the Back Door Access. .
KMS Reference Project Protection Option:
This setting is available in the flash config of the KMS reference projects.
You can change a #define to engage this protection.
It is not engaged as a default because the tools did not properly respond to the setting of the MEEN bits
The tool vendors included Segger, IAR, P&E as well as the OpenSDA MBED firmware that was previously supplied did not handle the mass erase protection IP very well at first. In fact, it is only with the latest release of P&E firmware updates and eclipse plug-ins, that the mass erase is prevented.