Hi @Harold_zhou
To ensure that only authorized users can access the debug port on S32K1 devices, you can use the Flash Security (FSEC) register to limit access.
The S32K1 family can limit access to Flash r and disable access to the MCU through JTAG by configuring the FSEC[SEC] bits. This restricts access to registers within the JTAG and debug logic via the debug port, but no other registers or memory inside the processor.
To enable or disable the JTAG interface. You must manipulate the Flash section in the startup code.
/* Flash Configuration */
.section .FlashConfig, "a"
.long 0xFFFFFFFF /* 8 bytes backdoor comparison key */
.long 0xFFFFFFFF /* */
.long 0xFFFFFFFF /* 4 bytes program flash protection bytes */
.long 0xFFFF7FFE /* FDPROT:FEPROT:FOPT:FSEC(0xFE = unsecured) */
For more detailed information, refer to section 36.4.4.1.4 of the S32K1xx Series Reference Manual, Rev. 14.
Additionally, you can develop a custom bootloader that includes an authentication step before allowing code download. This can involve checking a digital signature or a password before enabling the debug interface.
For more detailed guidance, you can refer to the following resources:
Production Flash Programming Best Practices for S32K1xx MCUs
Getting Started with the CSEc Security Module
AN12218: S32K1xx Bootloader
Unified Bootloader Demo
BR, VaneB
