Zoran Bjelic

BDM and FLASH security (MC9S12C32)

Discussion created by Zoran Bjelic on Jan 12, 2007
Latest reply on Jan 15, 2007 by Zoran Bjelic
I'm developing a BDM based FLASH program utility; it works fine with my HC12 CPUs, but I encountered some problems when trying to support the HCS12C32.

After resetting the CPU to active BDM mode (BDM enabled and active), I get 3 different options that depend on FLASH array condition:

1) FLASH is empty and unsecured, that is, 0xFF0F is programmed to 0xFE. BDM status register BDMSTS reads 0xC0 (ENBDM = 1, BDMACT = 1, UNSEC = 0). I can access FLASH state machine and mass erase and erase verify functions work fine. I can execute code from RAM.

2) FLASH is empty and not unsecured, that is, 0xFF0F is left in unprogrammed state (0xFF). BDM status register BDMSTS reads 0xC2 (ENBDM = 1, BDMACT = 1, UNSEC = 1). I can access FLASH state machine and mass erase and erase verify functions work fine. I CANNOT execute code from RAM.

In both cases 1) an 2) FLASH programming using BDM commands works fine ONLY on lower FLASH page (0x3E). On higher FLASH page all addresses get shifted left for one bit, that is, when trying to program 0xFF0E location, location 0xFE1C gets programmed instead. I'm puzzled.

3) FLASH is not empty and not unsecured (some words programmed, 0xFF0F left unprogrammed). All BDM reads using _BD_ commands return zeros and I can't really do anything. I'm puzzled even more.

The FCLKDIV register was set after each reset to 41 (0x29). The value is calculated using the fig. 4-1 determination procedure. I use 8 MHz crystal and PLL is not configured, so oscillator frequency is 8 MHz and bus frequency is 4 MHz, right?

For my projects I use iSystem IC3000 emulator and it has no problems interfacing to C32. It can program, secure, and unsecure FLASH with no trouble at all, so I guess there are no hardware related issues.

So, what did I miss? Any hints?

Thanks for being patient reading all this

Outcomes