ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Cant Write FSEC, SEC bits using FCA

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 
解決済み
ソリューションへジャンプ

Cant Write FSEC, SEC bits using FCA

ソリューションへジャンプ
‎08-22-2018 03:04 AM
2,145件の閲覧回数
saurabhsaxena
Contributor III

Hi,

I am trying to secure my internal flash on Kineris K81 MCU, using the Flash Configuration Area,

All the Bits I configuring as follows

__FlashConfig

DCD 0x9BABEAF8 ; [0x400 - 0x403] Backdoor Key Access
DCD 0x9BABEAF8 ; [0x404 - 0x407] Backdoor Key Access
DCD 0xFFFFFFFF ; [0x408 - 0x40B] Program Flash Protection Register
DCD 0xFFFFBCFF ; [0x40C - 0x40F] 0x40C: FSEC, 0x40D FOPT, 0x40E-F Reserved,
__FlashConfig_End

where 0x40C is the SEC field configured as 11, which means that the flash is secured.

But the problem is that when I try to read this configuration using the blhost utility I find the Flash Security in UNSECURED state, and the command 

blhost.exe -p COM3 read-memory 0x400 16 ./FCA.dat yields the following  test.png

Can any one tell why the SEC setting are beings always set as 'E' 1110 where 10 is unsecure?

タグ(1)
0 件の賞賛
返信
1 解決策

ソリューションへジャンプ
‎08-22-2018 11:01 PM
1,861件の閲覧回数
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Saurabh,

     If you just want to use the blhost to check the 0X40C data, and you find the 0X40C still 0XFE and not the 0XFF which you want to download.

    I don't know how you download the secured code to the chip? Some IDE or the debugger need to do the configuration, otherwise the secure area won't be updated.

   I highly suggest you generate the .hex file, then check the 0X40C at first, make sure the app.hex 0X40C is really 0XFF, then you can use the blhost download that app, then check it again.

   As I know, the IAR need to do the specific configuation, the KDS or MCUXpresso associate with the P&E debugger also may have problem, so, if you still want to use the debugger to download the code, I suggest you use the JLINK, when you select the chip, you must select the chip with partnumber<allow security>, then you can use the JLINK commander window, with JLINK commander: loadfile app.hex addr to download the code.

Please try it again in you side.

If you still have question about it, please kindly let me know.


Have a great day,
Kerry

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

元の投稿で解決策を見る

0 件の賞賛
返信
3 返答(返信)

ソリューションへジャンプ
‎08-22-2018 11:01 PM
1,862件の閲覧回数
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Saurabh,

     If you just want to use the blhost to check the 0X40C data, and you find the 0X40C still 0XFE and not the 0XFF which you want to download.

    I don't know how you download the secured code to the chip? Some IDE or the debugger need to do the configuration, otherwise the secure area won't be updated.

   I highly suggest you generate the .hex file, then check the 0X40C at first, make sure the app.hex 0X40C is really 0XFF, then you can use the blhost download that app, then check it again.

   As I know, the IAR need to do the specific configuation, the KDS or MCUXpresso associate with the P&E debugger also may have problem, so, if you still want to use the debugger to download the code, I suggest you use the JLINK, when you select the chip, you must select the chip with partnumber<allow security>, then you can use the JLINK commander window, with JLINK commander: loadfile app.hex addr to download the code.

Please try it again in you side.

If you still have question about it, please kindly let me know.


Have a great day,
Kerry

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 件の賞賛
返信

ソリューションへジャンプ
‎08-22-2018 11:25 PM
1,861件の閲覧回数
saurabhsaxena
Contributor III

Hi Kerry,

I am using IAR, the final HEX shows the FSEC's  SEC bit to be (11), But when I flash that I get (10),

Below is the snapshot, I using Jlink Commander to flash the MCU after doing a Erase chip.

2.png

I cant understand why its being forced into a unsecure state.

0 件の賞賛
返信

ソリューションへジャンプ
‎08-22-2018 10:54 PM
1,861件の閲覧回数
kerryzhou
NXP TechSupport
NXP TechSupport

Hi Saurabh,

     You are misunderstanding the FSEC secure function.

    Please check the K81 reference manual:

pastedImage_1.png

FSEC is just limit the debug access through the SWD/JTAG interface, it won't limit the ROM bootloader function.

 If you also don't want the ROM bootloader function work, you can can configure the BCA area, just disable the according ROM bootloader interface:

pastedImage_2.png

Wish it helps you!


Have a great day,
Kerry

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 件の賞賛
返信