MC9S08 & backdoor security key

Discussion created by ROB LUND on Mar 16, 2007
Latest reply on Mar 20, 2007 by David Payne
Hello, all.

Rather than ask rambling vague questions, let me tell you what I want to do. I have EEPROM emulation in Flash working now in my MC9S08QGx. I also have this working on some older MC908QTx (non-S family) boards too.

The great thing about the QT family security mechanism was that the boot vectors doubled as a security code. With my P&E Micro programmer, I could very easily read the contents of the user flash, e.g., all that EEPROM-like user data. The "history" of the board could be read. This has proved to be a great troubleshooting tool.

On the newer 9S08 boards, I don't believe I have this option, at last with P&E tools. I've asked the question over at the P&E forums, and one of their tech support people verified that suspicion.

But I'm very curious about the backdoor security key feature in the S family. I've read this post and this post, but I'm still foggy.

From the datasheet (page 50), it sounds to me like this should be possible:
...a secure user program can temporarily disengage security by: 2. Writing the user-entered key values to the NVBACKKEY through NVBACKKEY+7 locations... User software normally would get the key codes from outside the MCU system through a communication interface such as a serial I/O.

So can I do what I want in the 9S08 -- secure the flash, yet read back the stored user data later with the backdoor key?