Hi,
SWD access can be restricted using FSEC non volatile register in flash configuration field at address at address 0x40C. It’s just necessary to program required value to this flash address. Notice that unsecured state is 0xFE. If you want to reprogram this value, it’s necessary to erase this sector first because cumulative programming is not allowed.
See section “5.2.1 Flash memory security” in the reference manual for more details:
https://www.nxp.com/webapp/Download?colCode=S32K1XXRM
“When the flash memory is secured (FSEC[SEC] = 00b, 01b, or 11b), programmer interfaces are allowed to launch only mass erase operations and have no access to memory locations.”
If you want to temporarily unsecure the device using password, software loaded in the MCU needs to Verify Backdoor key command (for example based on a command from external world like from UART or whatever like this) and then debug probe can establish the connection and access all internal resources.
We have SW example here:
From the reference manual:
“When mass erase is disabled, mass erase via the debugger is blocked. Hence, you will not
be able to connect the debugger in a secure device (MEEN disabled). An alternative in
that case would be to run verify backdoor key access through any communication
interface.”
Notice that mass erase can be disabled by MEEN in FSEC. And in addition, if you use CSEc module and if partition has been already done (CSEc has been enabled) then mass erase can be done only after authentication by CMD_DBG_CHAL and CMD_DBG_AUTH commands (that means you need to know MASTER ECU KEY).
Be aware that if the device is secured and mass erase is disabled (or CSE is enabled), it's not possible to recover over SWD. It's possible only if the software already loaded in the MCU has some functionality which can reprogram flash configuration field or which can run Verify Backdoor Key command or which can run CMD_DBG_CHAL and CMD_DBG_AUTH commands.
Regards,
Lukas
