How to secure k60fx512 ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to secure k60fx512 ?

Jump to solution
875 Views
handychandra
Contributor III

Hi,

I am using mqx with twrk60f120m bsp modified to support k60fx512vlq12. i have read that flash configuration bytes is configured in vectors.c

i have set config4 define to 0xffffffff, but when i  run the code, the mcu is still not secured. Please help me with this.

Tags (2)
0 Kudos
Reply
1 Solution
716 Views
RadekS
NXP Employee
NXP Employee

I suppose that there is problem with reprogramming of FSEC byte default state = 0xFE = unsecured.

I guess that your loader simply write code into flash without erasing. So, when we rewrite default security byte 0xFE by 0xFF, nothing happened and MCU stay unsecured (Flash bit could be programmed only in one direction 0b1 -> 0b0).

Note: Flash data must be in the erased state before being programmed. Cumulative programming of bits is not allowed.

So, you have to:

  1. erase sector from address 0x400 prior programming OR
  2. choose different value of SEC bits. For example: 0xfffffffc.

Second solution isn’t clear (cumulative programming), but in case of security byte it could be conditionally accepted.

View solution in original post

0 Kudos
Reply
2 Replies
716 Views
handychandra
Contributor III

Solved. It seems i need to write config 4 0xfffffffc. 0xffffffff doesn't work.

When flash is erased, the sec bit in flash reads out 0xfe. so writing 0xff doesn't work. writing 0xfc will secure the mcu.

0 Kudos
Reply
717 Views
RadekS
NXP Employee
NXP Employee

I suppose that there is problem with reprogramming of FSEC byte default state = 0xFE = unsecured.

I guess that your loader simply write code into flash without erasing. So, when we rewrite default security byte 0xFE by 0xFF, nothing happened and MCU stay unsecured (Flash bit could be programmed only in one direction 0b1 -> 0b0).

Note: Flash data must be in the erased state before being programmed. Cumulative programming of bits is not allowed.

So, you have to:

  1. erase sector from address 0x400 prior programming OR
  2. choose different value of SEC bits. For example: 0xfffffffc.

Second solution isn’t clear (cumulative programming), but in case of security byte it could be conditionally accepted.

0 Kudos
Reply