FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

secure to unsecure

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

secure to unsecure

‎06-22-2020 10:37 PM
3,018 Views
814420552
Contributor III

hello, 

<1> If my device enters safe mode, is the debugger unable to connect?
<2>There are several ways to release security
      1、The first method is to erase all block commands to remove read protection, but if CESc is enabled or write protection is present, the command cannot be executed. If CSEc and write protection are not enabled, the device can be set to unsecured state. Am I understanding right?
      2、The second method is to use the back door command, provided that the back door key has been configured. If the back door key has never been configured, the command cannot be executed. If the back door key has been configured, calling this command to pass in the correct key can make the device enter an unsecure state. I wonder if I understand this method correctly? I have a question: If the debug cannot be connected when it is in a secured state, how can this back door key be passed to the key stored in the device kernel for comparison?

       3、Another question is whether it is temporary to appeal two methods to change the device from a safe state to an unsafe state? If reset, does the device return to the original secured mode?
      4、If you want to keep the unsafe state after resetting the device, you need to call the erase all blocks unsecure command?

wish your help

0 Kudos
Reply
5 Replies

‎06-26-2020 03:09 AM
2,902 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi Kui,

I expect that "safe" means secure.

<1>. Debugger can be connected but the operation is limited:

pastedImage_1.png

<2>.

1. Yes, that's correct.

2. You can find SW sample here:

Example S32K144 Verify Backdoor Access Key S32DS1.3 

For example, you can use UART to pass the key to application and the application is then responsible to run Verify Backdoor Access Key command. In other words - this must be solved on application level.

3. Yes, if you use Backdoor key, it's unsecured temporarily only.

4. You need to change flash configuration field (FSEC) to unsecured state.

Regards,

Lukas

0 Kudos
Reply

‎06-27-2020 06:40 PM
2,902 Views
814420552
Contributor III

hello,

     if MEEN is disabled(it means debugger can not erase all block) and The user has not programmed to receive the back door key before enter secure,  then s32k146 device enter to secure,   how to chang device to unsecure? it seems has no way.   Erase All Blocks command  and  Erase All Blocks Unsecure command  also can not execute!

0 Kudos
Reply

‎06-28-2020 09:38 PM
2,902 Views
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

yes, that's correct. There's no way to recover in this case. This is security feature and it's expected behavior.

Regards,

Lukas

Reply

‎07-18-2021 07:58 PM
2,437 Views
wjandsq
Contributor IV

I  have a uart bootloader,   it  run is good.  but  

about S32K144 FSEC

now my setup in startup_S32K144.s

1. SEC bit is secured
2. MEEN Mass erase is disabled

I don't know th KEYEN bit is enabled or not , and FSLACC factory access granted or not.

Now the SWD is disabled, application update only by bootloader.

the Example S32K144 Verify Backdoor Access Key S32DS1.3 is  usefull ?

Thanks!

0 Kudos
Reply

‎08-31-2020 08:26 PM
2,902 Views
814420552
Contributor III

hello,

     when used verify backdoor access  keys command to  release the security of the MCU, whether can i use debugger to access the memory such as flash data or EEPROM data? i think the memory should be accessed in  debug mode. but  when debug again it will tips the mcu is security after i  used verify backdoor access  keys command to  release the security of the MCU, so  this made me confused What is the application scenario for the backdoor key. 

0 Kudos
Reply