SEGGER J-Link Commander V7.80d (Compiled Oct 4 2022 16:40:45) DLL version V7.80d, compiled Oct 4 2022 16:40:22
Connecting to J-Link via USB...O.K. Firmware: J-Link V10 compiled Sep 22 2022 14:59:36 Hardware version: V10.10 J-Link uptime (since boot): N/A (Not supported by this model) S/N: 50124738 License(s): GDB VTref=4.982V Device "S32K144 (ALLOW SECURITY)" selected.
Connecting to target via SWD InitTarget() start Device will be unsecured now. InitTarget() end Found SW-DP with ID 0x2BA01477 DPIDR: 0x2BA01477 CoreSight SoC-400 or earlier Scanning AP map to find all available APs AP[2]: Stopped AP scan as end of AP map has been reached AP[0]: AHB-AP (IDR: 0x24770011) AP[1]: JTAG-AP (IDR: 0x001C0000) Iterating through AP map to find AHB-AP to use AP[0]: Skipped. Could not read CPUID register AP[1]: Skipped. Not an AHB-AP InitTarget() start Device will be unsecured now. Timeout while halting CPU. InitTarget() end Found SW-DP with ID 0x2BA01477 DPIDR: 0x2BA01477 CoreSight SoC-400 or earlier Scanning AP map to find all available APs AP[2]: Stopped AP scan as end of AP map has been reached AP[0]: AHB-AP (IDR: 0x24770011) AP[1]: JTAG-AP (IDR: 0x001C0000) Iterating through AP map to find AHB-AP to use AP[0]: Skipped. Could not read CPUID register AP[1]: Skipped. Not an AHB-AP
****** Error: Could not find core in Coresight setup
InitTarget() start Device will be unsecured now. Timeout while halting CPU. InitTarget() end Found SW-DP with ID 0x2BA01477 DPIDR: 0x2BA01477 CoreSight SoC-400 or earlier Scanning AP map to find all available APs AP[2]: Stopped AP scan as end of AP map has been reached AP[0]: AHB-AP (IDR: 0x24770011) AP[1]: JTAG-AP (IDR: 0x001C0000) Iterating through AP map to find AHB-AP to use AP[0]: Skipped. Could not read CPUID register AP[1]: Skipped. Not an AHB-AP InitTarget() start Device will be unsecured now. Timeout while halting CPU. InitTarget() end Found SW-DP with ID 0x2BA01477 DPIDR: 0x2BA01477 CoreSight SoC-400 or earlier Scanning AP map to find all available APs AP[2]: Stopped AP scan as end of AP map has been reached AP[0]: AHB-AP (IDR: 0x24770011) AP[1]: JTAG-AP (IDR: 0x001C0000) Iterating through AP map to find AHB-AP to use AP[0]: Skipped. Could not read CPUID register AP[1]: Skipped. Not an AHB-AP
****** Error: Could not find core in Coresight setup
Cannot connect to target.
Is it possible to recover this device?
As pointed out in this answer it is not possible to reset the partition without the master key. But I think this scenario is a little different because of the mass erase.
Once CSEc is enabled by PGMPART command, the mass erase is blocked until the partition is destroyed by CMD_DBG_CHAL and CMD_DBG_AUTH commands with knowledge of MASTER_ECU_KEY. So, JLink definitely could not perform mass erase. If the flash was erased by Erase Flash Block or by Erase Flash Sector commands leaving the Flash Configuration Field at 0x400 erased, the device is secured (because FSEC byte in the Flash Configuration Field is 0xFF and not in unsecured state 0xFE) while mass erase command is disabled due to CSEc. The result: the device is bricked with no way to recover.
Once CSEc is enabled by PGMPART command, the mass erase is blocked until the partition is destroyed by CMD_DBG_CHAL and CMD_DBG_AUTH commands with knowledge of MASTER_ECU_KEY. So, JLink definitely could not perform mass erase. If the flash was erased by Erase Flash Block or by Erase Flash Sector commands leaving the Flash Configuration Field at 0x400 erased, the device is secured (because FSEC byte in the Flash Configuration Field is 0xFF and not in unsecured state 0xFE) while mass erase command is disabled due to CSEc. The result: the device is bricked with no way to recover.
If the CSEc partition command is executed, and the master key command is not executed, after brushing into the MCU, if I want to erase the partition, is it valid to reprogram and set the master key to load and then execute the erase command?
This matches pretty much what I observed. I used the JLink Erase command which probably erases individual sectors leaving the device in secured state.
When I connect the JLink, I get a message that I need to mass erase the device. And I know understand that this operation is blocked by the CSEc partitioning.
