HI,
I have question about s32k144 using Trace32.
I already check that setting password using Trace32 is possible.
like
Data.set SD:400 %Long &pwd_1
Data.set SD:404 %Long &pwd_2
Data.set SD:40C %Byte 0xBF
but after that, I don't know is it possible to access debug port after secure setting.
in Reference manual
1. I think it means T32 cannot access after security. right?
but the manual mention that
"A mass erase via the debugger is allowed even when some memory locations are protected."
2. Is it possible to mass erase using Trace32 after security?
3. So...Is it possible Verify Backdoor using Trace32 in s32k144?
4. And....the reference manual said
Does this mean that inserting code into the firmware is the only way to verify the backdoor key?
thank you.
2. If Trace32 is only able to access the target via the SWD port,
would it still be possible to perform a mass erase using Trace32?
3. In addition, if Trace32 supports any access methods to the S32K144 other than the SWD port,
I would appreciate it if you could provide some information about those methods as well.
thank you for your support.
Hi @LGI
- I think it means T32 cannot access after security. right?
but the manual mention that
"A mass erase via the debugger is allowed even when some memory locations are protected."
If the device is secured, you are allowed only to run boundary scan chain operations and to perform mass erase. And mass erase can be performed only if it is not disabled by MEEN bits and only if CSEc is not enabled (enabled CSEc blocks mass erase command).
- Is it possible to mass erase using Trace32 after security?
Yes but not always – as mentioned above.
- So...Is it possible Verify Backdoor using Trace32 in s32k144?
No.
- And....the reference manual said
Does this mean that inserting code into the firmware is the only way to verify the backdoor key?
Yes. You can take a look at this SW example:
Regards,
Lukas
- How can I set CSEc not enabled?
CSEc is disabled by default. It can be enabled by Program Partition command with “CSEc Key Size” parameter different from zero.
To be able to mass erase device with CSEc enabled, it would be necessary to erase all keys (reset the device back to factory state) using CMD_DBG_CHAL and CMD_DBG_AUTH commands with knowledge of MASTER_ECU_KEY.
- If Trace32 is only able to access the target via the SWD port,
would it still be possible to perform a mass erase using Trace32?
If mass erase is not disabled by MEEN or CSEc, you can use command flash.UNSECUREerase in Trace32.
- In addition, if Trace32 supports any access methods to the S32K144 other than the SWD port,
I would appreciate it if you could provide some information about those methods as well.
No, there are no other options.