FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Example S32K144 Verify Backdoor Access Key S32DS1.3

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Example S32K144 Verify Backdoor Access Key S32DS1.3

Example S32K144 Verify Backdoor Access Key S32DS1.3

********************************************************************************

Detailed Description:

The S32K144 MCU is secure if SEC bits are set to non 0b10 value in Flash Secure Register (FSEC).
And can be unsecure using either Mass Erase or Verify Backdoor Access Key command
provided they are enabled, again indicated by bits KEYEN and MEEM in the FSEC register.

The FSEC register is a read-only register and is loaded with the content of the flash security
byte in the Flash Configuration Field located in program flash memory during the reset sequence.
The configuration field holds the Backdoor comparison key as well and is configurable in startup_S32K144.S file.

The attached example code shows use of Verify Backdoor Access Key flash command.

The MCU is secured in the Flash configuration field and therefore once the application has been loaded
the debugger does not have access to the MCU which must be run stand-alone.

The state of the SEC bits is indicated by LEDs.
The RED LED indicates the MCU is secure (SEC != 0b10) after reset.
After a delay loop, the Verify Backdoor key command is executed

which will unsecure the device and the LED will turn BLUE (SEC = 0b10).

NOTE: The Verify Backdoor key command is executed from RAM to avoid simultaneous access to the PFlash block.

--------------------------------------------------------------------------------------------
Test HW:      S32144EVB-Q100
MCU:           S32K144 0N47T
Debugger:    S32DS1.3, OpenSDA
Target:          internal_FLASH
********************************************************************************
2.0     Sep-30-2017     Daniel
********************************************************************************

Attachments
Example_S32K144_Verify_Backdoor_Access_Key_S32DS1.3_v2.zip
Was this article helpful? Yes No
Comments
ummerkunnummalk
‎04-04-2019 11:29 PM
‎04-04-2019 11:29 PM

Hello danielmartynek‌,

   We have some S32K148 boards which are permanently secured because of a full flash erase. Can we use "Verify Backdoor Access Key" to unlock the board in this case?.

If it not possible for the already secured boards, can you please let me know on how can I enable Backdoor Access Key so that the device can be recovered/unsecured even after a full flash erase?.

Note: Full flash erase means 0x0 to Max including flash configurations.

Thanks

Ummer K

danielmartynek
‎04-05-2019 01:43 AM
‎04-05-2019 01:43 AM

Hello Ummer,

Unfortunately, this is not possible.

The Verify Backdoor Access Key command releases security if user-supplied keys in the FCCOB match those stored in the Backdoor Comparison Key bytes of the Flash
Configuration Field. You would have to have the key stored in the Flash configuration field and SW that would launch the command.

BR, Daniel

johnson_samuel
‎03-26-2020 09:35 AM
‎03-26-2020 09:35 AM

I have been using S32K148. I have written the Backdoor access key using Program phrase cmd and I can able to unlock the security using Verify Backdoor Access key.

But, I want to erase the "backdoor comparison key bytes" and rewrite those bytes with a different values. How can I do this?

For example,

stage#1: FFFFFFFFFFFFFFFF /*Default value*/

stage#2: 0102030405060708 /*After writing the keys*/

stage#3: FFFFFFFFFFFFFFFF /*Need to find a way to erase*/

stage#4: 0807060504030201 /*Need to find a way to rewrite*/

100% helpful (1/1)
Version history
Last update:
‎10-01-2017 01:42 PM
Updated by:
NXP TechSupport