帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S12ZVCA 48-pin LQFP mcu security

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

S12ZVCA 48-pin LQFP mcu security

跳至解决方案
‎06-22-2021 01:26 AM
965 次查看
s_kim1
Contributor III

Hello,

I am a firmware developer.
I developed with S12ZVCA and I have a question related to MCU security.

1. Is there any way to secure with CodeWarrior on S12ZVCA 48-pin LQFP mcu?
(change registers, add security code, etc.)
2. Is there any way other than removing BKGD to disable FC-6P?
3. Is there any way to secure it from the outside?
(circuit diagram, etc.)

4. How to stop the decompiler?

I would like to have the highest security possible with the S12ZVCA 48-pin LQFP mcu.
However, the MCU cannot be changed.

Please tell me how.

Regards,

0 项奖励
回复
1 解答

跳至解决方案
‎06-22-2021 03:52 AM
956 次查看
StanoA
NXP TechSupport
NXP TechSupport

Hello S_kim1,

The security feature is described in the RM in section 1.11.

https://www.nxp.com/webapp/Download?colCode=MC9S12ZVCRM

When the MCU is in secure mode the BDM interface access is restricted and the only complete FLASH erase is possible.

The MCU can be secured during application SW load or by special BDM command.

I suggest you to read the next community thread from my friend:

https://community.nxp.com/t5/S12-MagniV-Microcontrollers/S12-X-MCU-Security/ta-p/1111118

It is very helpful indeed.

I think it will help you with your task.

Best Regards,

Stano.

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎06-22-2021 03:52 AM
957 次查看
StanoA
NXP TechSupport
NXP TechSupport

Hello S_kim1,

The security feature is described in the RM in section 1.11.

https://www.nxp.com/webapp/Download?colCode=MC9S12ZVCRM

When the MCU is in secure mode the BDM interface access is restricted and the only complete FLASH erase is possible.

The MCU can be secured during application SW load or by special BDM command.

I suggest you to read the next community thread from my friend:

https://community.nxp.com/t5/S12-MagniV-Microcontrollers/S12-X-MCU-Security/ta-p/1111118

It is very helpful indeed.

I think it will help you with your task.

Best Regards,

Stano.

0 项奖励
回复

跳至解决方案
‎06-22-2021 07:51 PM
947 次查看
s_kim1
Contributor III

Thank you for answer.
It helped a lot.

I checked the datasheet for backdoor key access.

By comparing the FCCOB1~FCCOB4 registers with the key value through the external on-chip serial port, it was confirmed that the security mode can be disabled.

If I send the key value to the FCCOB1~FCCOB4 registers through SCI communication, can I use the backdoor key access function?

1. Write the code as 0x01 for all key values in FCCOB1~FCCOB4 registers.
2. Using a PC program, send data to 0x01 via SCI communication.
3. MCU compares FCCOB1~FCCOB4 register value with data value 0x01 received through SCI communication.
4. MCU security mode is disabled, so you can use debug mode.
5. All source code is done in the main statement.

In detail,

I use s12zvca192mlf MCU from codewarrior 11.1.

as a global variable


const unsigned char secure @ 0xFF0F = 0xFC;

declared this.

And inside the main statement
FCCOB0 = 0x0C;
FCCOB1 = 0x01;
FCCOB2 = 0x01;
FCCOB3 = 0x01;
FCCOB4 = 0x01;
I wrote it like this.

I will compare FCCOB0~FCCOB4 registers by SCI communication.

Is my understanding correct?


After that, I'm curious what the action is after comparing FCCOB0~FCCOB4.

Best Regards,

s_kim1.

标记 (1)
0 项奖励
回复