USBDM failing to make secure FXTH87XXXX

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

USBDM failing to make secure FXTH87XXXX

Jump to solution
1,391 Views
sunrme
Contributor III

Hi All.

I have a problem to make MCU secure.

In datasheet:

A user engages security by programming the NVOPT location, which can be done at the same time the FLASH memory is programmed.

1-st way:

I added the line for secure:

const byte NVOPT_INIT @0x0000FFBF = 0x00;

After building, in the hex file we can find this line :

S104FFBF003D

After programming this flash image, MCU becomes secure, but the application doesn’t work. Without this line everything is ok, MCU work correctly. Why this way doesn’t work or how to secure this sensor?

2-d way:

I try to use FLASH PROGRAMMER with setting Security->Secure. The same result. MCU become secure, but doesn't work.

3-d way:

A found some solution, but I think it isn’t right way for mass production.

  1. I flash my code in USER FLASH.
  2. Dump memory from 0xC000 to 0xFFFF and save file.
  3. Change NVOPT value to 00 and checksum
  4. Flash new image in to the MCU and all is ok.

MCU becomes secure and works.

chip FXTH871511DT1

IDE codewarrior 10.5

Labels (1)
1 Solution
897 Views
pgo
Senior Contributor V

Hi Sunrme,

To change the security it is necessary to erase the sector containing the security data,  Since some of this sector is needed for the pre-programmed firmware it is not possible to change the security without damaging the firmware.

The process you have followed would avoid the above problem and appears workable.

I can't offer an alternative if a checksum is used.

I'm unsure what the process is for other programmers but I cannot see how they could avoid the problem.

I cannot find any reference to security in the firmware manual and the chip manual blithely suggests changing the NVOPT byte but this leads to the problem you have outlined.

If the firmware doesn't use a checksum then the following process (should) work.  It is basically a slightly easier method of obtaining what you have already done.

  1. Use the memory dump program to obtain a copy of the firmware from the chip you are actually programming. This is necessary because as well as the firmware there is individual calibration data programmed to each chip.
  2. Load this into the HCS08 programmer.
  3. Select incremental load.
  4. pastedImage_5.png
  5. Load your program (including the security information)
  6. Select the full-erase version of the chip option and mass erase.
  7. pastedImage_0.png
  8. pastedImage_5.png
  9. Select image for security
  10. pastedImage_8.png
  11. Program the target.

This should combine the existing firmware with your program.

Alternatively, select Secure and don't have security information in your image.

If you try this please let me know if it works.

I suggest you post a question on the general HCS08 forum to find out what the 'recommended' approach is in general i.e. not specific to USBDM.  There may be some process we are unaware of.

bye

View solution in original post

2 Replies
898 Views
pgo
Senior Contributor V

Hi Sunrme,

To change the security it is necessary to erase the sector containing the security data,  Since some of this sector is needed for the pre-programmed firmware it is not possible to change the security without damaging the firmware.

The process you have followed would avoid the above problem and appears workable.

I can't offer an alternative if a checksum is used.

I'm unsure what the process is for other programmers but I cannot see how they could avoid the problem.

I cannot find any reference to security in the firmware manual and the chip manual blithely suggests changing the NVOPT byte but this leads to the problem you have outlined.

If the firmware doesn't use a checksum then the following process (should) work.  It is basically a slightly easier method of obtaining what you have already done.

  1. Use the memory dump program to obtain a copy of the firmware from the chip you are actually programming. This is necessary because as well as the firmware there is individual calibration data programmed to each chip.
  2. Load this into the HCS08 programmer.
  3. Select incremental load.
  4. pastedImage_5.png
  5. Load your program (including the security information)
  6. Select the full-erase version of the chip option and mass erase.
  7. pastedImage_0.png
  8. pastedImage_5.png
  9. Select image for security
  10. pastedImage_8.png
  11. Program the target.

This should combine the existing firmware with your program.

Alternatively, select Secure and don't have security information in your image.

If you try this please let me know if it works.

I suggest you post a question on the general HCS08 forum to find out what the 'recommended' approach is in general i.e. not specific to USBDM.  There may be some process we are unaware of.

bye

897 Views
sunrme
Contributor III

Hi pgo!

Big THANK YOU for your so fast reply. Your method work excellent and it much more easier then my. I will post in sensor forum about this issue.

I have also one question about unsecure. Is it real to unsecure this chip through backdoor security key? I write default security key FFFFFFFFFFFFFFFF and FD NVOPT register. So how I understand FlashProgrammer have to unsecure without editing hcs08_devices.xml. I load my program without security registers, check unsecure in Security section, but Flash Programmer show programming Failed:Target is secured. The Mass Erase option must be selected to program the device.

Do you have any ideas?

0 Kudos