Here I have shared example code for MPC5674F.
https://community.nxp.com/servlet/JiveServlet/download/813028-1-386922/MPC5674F_Censorship.zip
The example consists of 2 parts and document describes how to access censored device via JTAG with using of PeMicro or Lauterbach debugger.
WARNING: Use censorship feature very carefully, because an inappropriate usage can lead in making the device useless!!! Thoroughly read all instructions before use!!!
If you accidentally erase shadow flash there is no chance to recover it (unless it had been though about before).
If your device is censored and you don’t have any pre-prepared recovery code located in the internal flash memory, there is no way how to unlock it and everything you can do is to order new sample, and re-solder it instead of the censored one.
Thus it is very simple to permanently lock-down the device, for instance if you erase
censorship control words (or the whole shadow flash), your device will be permanently locked out.
For instance if you write to address 0x00FF_FDE0 value 0xBABA (any value except
0x55AA) and to address 0x00FF_FDE2 value 0xBABA as well, you will have following (for various BOOTCFG configuration):
00: Internal - Censored - internal flash enabled, nexus disabled => internal flash not accesible from outside as nexus is disabled
01: Serial - Public Password - internal flash disabled, nexus enabled => internal flash not accesible as it is completely disabled, code can run only from SRAM (downloaded by eSCI or CAN before execution)
10/11: EBI - Flash not censored - internal flash disabled, nexus enabled => internal flash not accesible as it is completely disabled, code can run only form EBI
In any of the cases above internal flash code cannot be stolen as either nexus or internal flash is in disabled state.
Hi David,
Following is the sequence of the errors i get when i try to execute the flash erase program.
Can i try uncensoring it using the serial boot mode?
Hello,
Following the application note AN3787.pdf and the code example given by @davidtosenovjan , i have to tried to erase the shadow flash A and instantanly rewrite it on a MPC5674F.
The goal was testing a way to disable and re-enable the JTAG access.
However, the device seems to be locked, and JTAG access through IC5700 seems not possible anymore.
Do you have any clue about the reason?
Is there a way to recover from that situation and enable anew the JTAG access?
Regards,
Nicolas