FS32K116LAT0MFMT CSEc

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

FS32K116LAT0MFMT CSEc

1,152 次查看
Embedded_novice
Contributor III

The chip I am using is FS32K116LAT0MFMT. As far as I know, this chip comes with a CSEc module. When I erase the chip, if I erase DFlash (using J-FLASH and default configuration), it will cause FLASH to lock (JLINK cannot connect, cannot simulate, and the RESET pin is a rectangular wave) and cannot be restored (using the unlock command is invalid). I have learned that CSEc's flash key is stored in DFlash. Does this mean that erasing it without any command verification will result in FLASH protection (I learned in the S32K-RM manual that there is a corresponding command to authenticate).
My question is:
1. Is there any way for me to recover after erasing DFLASH and possible FLASH keys through abnormal operations?
2. Can I disable the CSEc function in any way?

0 项奖励
回复
2 回复数

1,123 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @Embedded_novice 

Let me share a screenshot from AN12130:
https://www.nxp.com/docs/en/application-note/AN12130.pdf

lukaszadrapa_0-1709551097314.png

 

So, this could be one problem.
Another problem is that J-Link uses mass erase (Erase All Blocks command) when loading new project. But if CSEc is enable, mass erase cannot be used. From the reference manual:

"NOTE
For CSEc enabled parts, once Flash Keys are allocated
(regardless of being initialized or not), the Erase All Blocks
Unsecure command is blocked from executing. Refer to the
commands CMD_DBG_CHAL and CMD_DBG_AUTH for the
procedures to pass a challenge/authentication process which
will first remove the keys, then (assuming successful execution)
allow this command to be executed."

The only way to disable CSEc is to run mentioned CMD_DBG_CHAL and CMD_DBG_AUTH with knowledge of MASTER_ECU_KEY. That's the only option, it can't be just simply erased.

For example, Pemicro debugger does not use mass erase, it erases the flash block by block, so it works even if CSEc is enabled.

Regards,
Lukas

0 项奖励
回复

1,118 次查看
Embedded_novice
Contributor III

Hi.@lukaszadrapa 

I saw in the reference manual that CSEc is a feature that requires you to configure an empt EEPROM in DFLASH to enable it, I am not currently configuring EEPROM, which should mean that I am not enabling the CSEc module. At the same time, I also checked the FSEC register in my FTFC register, where the read value shows that batch erase is allowed and it is in insecure mode, which should be the effect of the configuration word that needs to be configured for the address segment 0x400-0x40F you mentioned in the screenshot. However, after I do the chip erase, my chip will lock up and give me some exception at the address 0x400-0x40F, forgive me for not knowing much about this error, but it means that I can't recover it and the chip is completely dead. Have you ever been in this situation? Or do you have any thoughts on how this situation arose

P.S.If I use J-FLASH to erase the chip and only manipulate the PFLASH fields, this problem does not occur. Even though the flash is protected, I can unlock it with the unlock command.So I think it's possible that the CSEc key in DFLASH was erased(My conjecture)
Because of the poor contact of the SWD debugging pin, the problem of locking will occur after the J-FLASH indicates that the erase is successful and the SWD pin is disconnected immediately.

Thank you very much for your answer to the CSEc module. I hope you can provide some ideas for the subsequent questions. Regardless of whether can solve this problem, all thank you very much for your help.Snipaste_2024-03-05_09-54-31.pngSnipaste_2024-03-05_09-59-47.png

0 项奖励
回复