FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Inquiry on Secure Debug Authentication and Flash Memory Protection for S32K324 RTD 3.0.0

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Inquiry on Secure Debug Authentication and Flash Memory Protection for S32K324 RTD 3.0.0

‎10-07-2025 02:53 AM
233 Views
Ranjith_kumar
Contributor II

Hi NXP team ,

I am currently working with the NXP S32K324 microcontroller using the RTD version 3.0.0, and I would like to implement secure debug and flash memory protection features with the following requirements:

  1. Secure Debug Access:

    • I want to protect the debug port by requiring password-based authentication before enabling any debug session, similar in concept to a UDS service.

    • Could you please provide recommended best practices or sample code that demonstrates how to enforce debugger authentication effectively on the S32K324 within the RTD 3.0.0 framework?

    • Guidance on integrating this authentication process into the debug workflow (e.g., with PEmicro Python scripts or equivalent) would be highly appreciated.

  2. Flash Memory Protection:

    • I aim to secure the flash memory such that write or erase operations require prior authorization or security clearance.

    • If available, could you share example code or reference designs that illustrate how to implement flash write/erase locking mechanisms?

    • Insight into relevant API usage or flash configuration registers for enforcing such protection is also requested.

Kind regards,
Ranjithkumar

0 Kudos
Reply
1 Reply

‎10-07-2025 11:09 AM
207 Views
VaneB
NXP TechSupport
NXP TechSupport

Hi @Ranjith_kumar 

It is possible to protect JTAG access using a password, and the process varies depending on whether HSE firmware is used or not. For detailed information about both approaches, please refer to the following community threads.

Can I disable S32K3's JTAG permanently by LifeCycle configuration bit without ADKP?

[S32K3] Restrict the debug access with a password when HSE is used

Regarding the authentication process for secure debugging, PEmicro provides comprehensive guidance, including explanations and the necessary Python scripts to enable and use the secure debug feature effectively.

NXP: Using PEmicro Tools to Enable S32K3xx Secure Debug Support

For information on FLASH protection, please refer to the following threads, where this topic has been discussed.

How do I configure FLASH protection for the S32K312

Flash Protection Register

 

BR, VaneB

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2181114%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EInquiry%20on%20Secure%20Debug%20Authentication%20and%20Flash%20Memory%20Protection%20for%20S32K324%20RTD%203.0.0%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2181114%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%20NXP%20team%20%2C%3C%2FP%3E%3CP%20class%3D%22%22%3EI%20am%20currently%20working%20with%20the%20NXP%20S32K324%20microcontroller%20using%20the%20RTD%20version%203.0.0%2C%20and%20I%20would%20like%20to%20implement%20secure%20debug%20and%20flash%20memory%20protection%20features%20with%20the%20following%20requirements%3A%3C%2FP%3E%3COL%3E%3CLI%3E%3CP%20class%3D%22%22%3E%3CSTRONG%3ESecure%20Debug%20Access%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CP%20class%3D%22%22%3EI%20want%20to%20protect%20the%20debug%20port%20by%20requiring%20password-based%20authentication%20before%20enabling%20any%20debug%20session%2C%20similar%20in%20concept%20to%20a%20UDS%20service.%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%20class%3D%22%22%3ECould%20you%20please%20provide%20recommended%20best%20practices%20or%20sample%20code%20that%20demonstrates%20how%20to%20enforce%20debugger%20authentication%20effectively%20on%20the%20S32K324%20within%20the%20RTD%203.0.0%20framework%3F%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%20class%3D%22%22%3EGuidance%20on%20integrating%20this%20authentication%20process%20into%20the%20debug%20workflow%20(e.g.%2C%20with%20PEmicro%20Python%20scripts%20or%20equivalent)%20would%20be%20highly%20appreciated.%3C%2FP%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3E%3CP%20class%3D%22%22%3E%3CSTRONG%3EFlash%20Memory%20Protection%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CP%20class%3D%22%22%3EI%20aim%20to%20secure%20the%20flash%20memory%20such%20that%20write%20or%20erase%20operations%20require%20prior%20authorization%20or%20security%20clearance.%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%20class%3D%22%22%3EIf%20available%2C%20could%20you%20share%20example%20code%20or%20reference%20designs%20that%20illustrate%20how%20to%20implement%20flash%20write%2Ferase%20locking%20mechanisms%3F%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%20class%3D%22%22%3EInsight%20into%20relevant%20API%20usage%20or%20flash%20configuration%20registers%20for%20enforcing%20such%20protection%20is%20also%20requested.%3C%2FP%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FOL%3E%3CP%20class%3D%22%22%3EKind%20regards%2C%3CBR%20%2F%3ERanjithkumar%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2181410%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Inquiry%20on%20Secure%20Debug%20Authentication%20and%20Flash%20Memory%20Protection%20for%20S32K324%20RTD%203.0.0%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2181410%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F236684%22%20target%3D%22_blank%22%3E%40Ranjith_kumar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20is%20possible%20to%20protect%20JTAG%20access%20using%20a%20password%2C%20and%20the%20process%20varies%20depending%20on%20whether%20HSE%20firmware%20is%20used%20or%20not.%20For%20detailed%20information%20about%20both%20approaches%2C%20please%20refer%20to%20the%20following%20community%20threads.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2FCan-I-disable-S32K3-s-JTAG-permanently-by-LifeCycle%2Fm-p%2F1505254%22%20target%3D%22_blank%22%3ECan%20I%20disable%20S32K3's%20JTAG%20permanently%20by%20LifeCycle%20configuration%20bit%20without%20ADKP%3F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2FS32K3-Restrict-the-debug-access-with-a-password-when-HSE-is-used%2Fm-p%2F1756696%22%20target%3D%22_blank%22%3E%5BS32K3%5D%20Restrict%20the%20debug%20access%20with%20a%20password%20when%20HSE%20is%20used%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ERegarding%20the%20authentication%20process%20for%20secure%20debugging%2C%20PEmicro%20provides%20comprehensive%20guidance%2C%20including%20explanations%20and%20the%20necessary%20Python%20scripts%20to%20enable%20and%20use%20the%20secure%20debug%20feature%20effectively.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.pemicro.com%2Flearningcenter%2Fcontents.cfm%3Fcontent_id%3D82%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ENXP%3A%20Using%20PEmicro%20Tools%20to%20Enable%20S32K3xx%20Secure%20Debug%20Support%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EFor%20information%20on%20FLASH%20protection%2C%20please%20refer%20to%20the%20following%20threads%2C%20where%20this%20topic%20has%20been%20discussed.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2FHow-do-I-configure-FLASH-protection-for-the-S32K312%2Ftd-p%2F2116456%22%20target%3D%22_blank%22%3EHow%20do%20I%20configure%20FLASH%20protection%20for%20the%20S32K312%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2FS32K%2FFlash-Protection-Register%2Ftd-p%2F2141729%22%20target%3D%22_blank%22%3EFlash%20Protection%20Register%3C%2FA%3E%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EBR%2C%20VaneB%3C%2FP%3E%3C%2FLINGO-BODY%3E