secure to unsecure

cancel
Showing results for 
Search instead for 
Did you mean: 

secure to unsecure

275 Views
Contributor II

hello, 

<1> If my device enters safe mode, is the debugger unable to connect?
<2>There are several ways to release security
      1、The first method is to erase all block commands to remove read protection, but if CESc is enabled or write protection is present, the command cannot be executed. If CSEc and write protection are not enabled, the device can be set to unsecured state. Am I understanding right?
      2、The second method is to use the back door command, provided that the back door key has been configured. If the back door key has never been configured, the command cannot be executed. If the back door key has been configured, calling this command to pass in the correct key can make the device enter an unsecure state. I wonder if I understand this method correctly? I have a question: If the debug cannot be connected when it is in a secured state, how can this back door key be passed to the key stored in the device kernel for comparison?

       3、Another question is whether it is temporary to appeal two methods to change the device from a safe state to an unsafe state? If reset, does the device return to the original secured mode?
      4、If you want to keep the unsafe state after resetting the device, you need to call the erase all blocks unsecure command?

wish your help

0 Kudos
4 Replies

159 Views
NXP TechSupport
NXP TechSupport

Hi Kui,

I expect that "safe" means secure.

<1>. Debugger can be connected but the operation is limited:

pastedImage_1.png

<2>.

1. Yes, that's correct.

2. You can find SW sample here:

Example S32K144 Verify Backdoor Access Key S32DS1.3 

For example, you can use UART to pass the key to application and the application is then responsible to run Verify Backdoor Access Key command. In other words - this must be solved on application level.

3. Yes, if you use Backdoor key, it's unsecured temporarily only.

4. You need to change flash configuration field (FSEC) to unsecured state.

Regards,

Lukas

0 Kudos

159 Views
Contributor II

hello,

     if MEEN is disabled(it means debugger can not erase all block) and The user has not programmed to receive the back door key before enter secure,  then s32k146 device enter to secure,   how to chang device to unsecure? it seems has no way.   Erase All Blocks command  and  Erase All Blocks Unsecure command  also can not execute!

0 Kudos

159 Views
NXP TechSupport
NXP TechSupport

Hi,

yes, that's correct. There's no way to recover in this case. This is security feature and it's expected behavior.

Regards,

Lukas

0 Kudos

158 Views
Contributor II

hello,

     when used verify backdoor access  keys command to  release the security of the MCU, whether can i use debugger to access the memory such as flash data or EEPROM data? i think the memory should be accessed in  debug mode. but  when debug again it will tips the mcu is security after i  used verify backdoor access  keys command to  release the security of the MCU, so  this made me confused What is the application scenario for the backdoor key. 

0 Kudos