S12Z Security

LiZhanWu · ‎05-08-2023

I use S12ZVML31 mcu. I've problem. FSEC register is not correctly loaded from configuration field after reset in my application.
I use this code:

volatile const unsigned char flash_array[] @0xFFFE00 = {0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBD};

The following code is added in prm file

ENTRIES /* keep the following unreferenced variables */
/* OSEK: always allocate the vector table and all dependent objects */
//_vectab OsBuildNumber _OsOrtiStackStart _OsOrtiStart
flash_array;_vectab
END

but immediately after reset FSEC is still 0xFE.

I need secure my device but device is still unsecured.

help me,Thanks!

RadekS · ‎05-17-2023

Hi LiZhanWu,

I just see a small syntax issue in the ENTRIES block in prm linker file.

There shouldn't be any delimiter between object names, only space characters.

This may be a potential source of the described issue.

According to "c:\Freescale\CW MCU v11.1\MCU\Help\PDF\MCU_Build_Tools_Utilities.pdf" , chapter 28.1.6 ENTRIES: List of Objects to Link with Application

Syntax(Freescale):
ENTRIES objName {objName} END

So, in your case, there should be only:

ENTRIES /* keep the following unreferenced variables */
flash_array _vectab
END

I hope it helps you.

Best regards

RadekS

lama · ‎05-09-2023

Hi,

when the MCU loads the code in debug mode then security is disabled (the security byte is programmed to unsecure state) and it is ensured the MCU will be accessible by BDM. Why? Because if the MCU is secured then there is no possibility to access the MCU except mass erase command from BDM.

Look int attached file and png + doc files inside it which says more.

Moreover, if you use "normal"/standalone (no debugging is expected) programming of the S19 record......if the Srecord contains the security byte programmed to secure state or there is nothing in Srecord related to this address and the MCU is erased before programming then the device will be always secured because security byte contains erased value 0xFF.

You can understand from previous paragraph that normally (production and no backdoor key is required) the MCU is secured after masserase and program. So default status without touching security byte is secured without backdoor key. If we want to have the MCU unsecured in the field then we have to program the security byte to unsecure state.

Best regards,

Ladislav

LiZhanWu · ‎05-09-2023

Thanks！

Your answer has helped me a lot.Now my problem is that,I can't choose "Secure/Unsecure actions".Does S12ZVML31 not support this feature?

lama · ‎05-10-2023

Hi,

I found that it is not supported.

The only way is to load the code in debug mode and the device will be unsecured because as I mentioned the CW automatically mass erase and unsecures the device before programming.

I checked pwww.pemicro.com and they also have the only unsecure tool for older families.

Bet regards,

Ladislav

LiZhanWu · ‎05-11-2023

hi：

That means if without additional chips, Code in MCU's Flash will not be protected.Is that right?

Thanks!

kef2 · ‎05-12-2023

CodeWarrior for S08/S12/S12X/.. with P&E Multilink/Cyclone newer supported device security in all respects. P&E perhaps wants you to buy their prog08/12/etc. That software has dedicated secure command.

Classic CodeWarrior's, which are not available for S12Z, allowed to let user do with configuration sector whatever developer wants, adding this to debugger *.cmd scripts.

FLASH AEFSKIPERASING 0

Though using dedicated programmer, which secures chips, as I remember CodeWarrior for S12Z allows securing device as well. Unfortunately can't say you how by now due to S12Z supply shortage, which forces to use more available alternatives...