Here I have shared example code for MPC5674F.
https://community.nxp.com/servlet/JiveServlet/download/813028-1-386922/MPC5674F_Censorship.zip
The example consists of 2 parts and document describes how to access censored device via JTAG with using of PeMicro or Lauterbach debugger.
WARNING: Use censorship feature very carefully, because an inappropriate usage can lead in making the device useless!!! Thoroughly read all instructions before use!!!
If you accidentally erase shadow flash there is no chance to recover it (unless it had been though about before).
If your device is censored and you don’t have any pre-prepared recovery code located in the internal flash memory, there is no way how to unlock it and everything you can do is to order new sample, and re-solder it instead of the censored one.
Thus it is very simple to permanently lock-down the device, for instance if you erase
censorship control words (or the whole shadow flash), your device will be permanently locked out.
For instance if you write to address 0x00FF_FDE0 value 0xBABA (any value except
0x55AA) and to address 0x00FF_FDE2 value 0xBABA as well, you will have following (for various BOOTCFG configuration):
00: Internal - Censored - internal flash enabled, nexus disabled => internal flash not accesible from outside as nexus is disabled
01: Serial - Public Password - internal flash disabled, nexus enabled => internal flash not accesible as it is completely disabled, code can run only from SRAM (downloaded by eSCI or CAN before execution)
10/11: EBI - Flash not censored - internal flash disabled, nexus enabled => internal flash not accesible as it is completely disabled, code can run only form EBI
In any of the cases above internal flash code cannot be stolen as either nexus or internal flash is in disabled state.
