Hi,
I would like to activate the JTAG lock on an S32K144 MCU. I write the backdoor key at address 0x400 and the following bytes into the configuration registers 0xFFFF7FAFu (0x408). Apparently the lock is working: I am not able to connect to the MCU, and the flash driver gives back a positive response when I try to verify my backdoor key (command 0x45).
My problem is that using winIDEA and the iSystem iC5700 debugger I can easily remove this protection with the "Unsecure" command. In this case the flash memory is erased and the FSEC register is set back to 0xFE. Is this the normal behaviour? Earlier I used the S32K146, but there, once the JTAG was locked, I was not able to disable the lock any more. (With the 146 I used an older winIDEA version.)
Thanks in advance!
Laszlo
Hi Laszlo,
Sorry for the late reply.
Can you show me the /* Flash Configuration */ of your project?
According to your description, do you set the 4 program flash protection bytes to .long 0xFFFF7FAF?
But I don't understand how the protection of the program flash region is related to the JTAG lock.
What is your FSEC value? If Mass Erase is enabled, then the debugger can mass erase the chip with the "Unsecure" command.
Best Regards,
Robin
Hello Robin,
In the startup file I set the whole flash config field to 0xFF (0x400-0x40F), and later on the user can update the backdoor key with the help of a diagnostic routine which updates the configuration registers too. (Maybe it would be better to write only the key, since the config does not change.)
Perhaps last time I used my former code, where the FSEC register was set to 0xBF (0x40C), so the mass erase was enabled and therefore the unsecure was working. If I set it to 0xAF (MEEN = 10b and SEC = 11b), does that mean there is no way to change the flash content via the debug port any longer? I
My main goal would be to protect the firmware from modification and even from being replaced.
Thanks in advance!
Laszlo
If you set it to 0xAF (MEEN = 10b and SEC = 11b), then the "Unsecure" command from the debugger cannot mass erase the chip. However, if you first issue the "Unsecure" command through a debugger and then unsecure the chip with the backdoor key without resetting the chip, it may be mass erased.
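
The FSEC values discussed in this thread (0xFE, 0xBF, 0xAF) can be checked in a firmware image before release. The following is an added example, not code from any poster or from NXP: it decodes the FSEC byte at offset 0x0C of the 16-byte flash configuration field and reports whether a debugger can still alter flash. The bit layout (KEYEN, MEEN, FSLACC, SEC) is taken from the FTFC FSEC register description in the S32K1xx reference manual; the type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FCF_SIZE        16u    /* flash configuration field, 0x400-0x40F */
#define FCF_FSEC_OFFSET 0x0Cu  /* FSEC byte, i.e. address 0x40C */

typedef struct {
    bool secured;            /* SEC    != 10b: debug access to flash blocked */
    bool mass_erase_enabled; /* MEEN   != 10b: debugger "Unsecure" can wipe  */
    bool backdoor_enabled;   /* KEYEN  == 10b: backdoor key may unsecure     */
    bool factory_access;     /* FSLACC == 00b or 11b                         */
} fsec_info;

/* Split FSEC into its four 2-bit fields and interpret each one. */
fsec_info fsec_decode(uint8_t fsec)
{
    uint8_t keyen  = (fsec >> 6) & 3u, meen = (fsec >> 4) & 3u;
    uint8_t fslacc = (fsec >> 2) & 3u, sec  = fsec & 3u;
    fsec_info i = {
        .secured            = (sec != 2u),
        .mass_erase_enabled = (meen != 2u),
        .backdoor_enabled   = (keyen == 2u),
        .factory_access     = (fslacc == 0u || fslacc == 3u),
    };
    return i;
}

/* True when the debug port alone can change flash: the part is either
 * unsecured, or secured but still open to a mass erase ("Unsecure"). */
bool fcf_debug_port_can_alter_flash(const uint8_t fcf[FCF_SIZE])
{
    fsec_info i = fsec_decode(fcf[FCF_FSEC_OFFSET]);
    return !i.secured || i.mass_erase_enabled;
}

int main(void)
{
    const uint8_t values[] = { 0xFE, 0xBF, 0xAF }; /* values from the thread */
    for (unsigned n = 0; n < sizeof values; n++) {
        uint8_t fcf[FCF_SIZE] = { 0 };             /* constructed sample field */
        fcf[FCF_FSEC_OFFSET] = values[n];
        fsec_info i = fsec_decode(values[n]);
        printf("FSEC=0x%02X secured=%d mass_erase=%d backdoor=%d debug_can_alter=%d\n",
               (unsigned)values[n], i.secured, i.mass_erase_enabled, i.backdoor_enabled,
               fcf_debug_port_can_alter_flash(fcf));
    }
    return 0;
}
```

With 0xAF the backdoor key stays enabled, so the key-handling path in the application remains the one way to unsecure the part and should be reviewed accordingly.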