Securing a project that has a bootloader

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Securing a project that has a bootloader

Jump to solution
582 Views
robotjosh
Contributor IV

I'm not sure I can use flash lock to secure a project because it needs to be able to write to flash with the bootloader.  Is there a way to secure a device that has a bootloader?  I need to be able to write to flash with a bootloader and also not be able to download that code with jtag.  Is there a way to disable jtag or otherwise make this secure against downloading the firmware while allowing the bootloader to write flash?

0 Kudos
1 Solution
438 Views
mjbcswitzerland
Specialist V

Jost

If you set the secure mode in the Flash configuration (this has to be set in the boot loader) it is not possible to communicate with EzPort or JTAG without first performing a mass erase.

There is however no restriction to the code (boot loader or application) from writing internal Flash.

This is the typical method or protecting code (with or without a boot loader).

It is also possible to disable the JTAG interface but this is extreme and un-recoverable (also a Flash configuration setting).

Regards

Mark

Kinetis: µTasker Kinetis support

For the complete "out-of-the-box" Kinetis experience and faster time to market

View solution in original post

0 Kudos
2 Replies
438 Views
Hui_Ma
NXP TechSupport
NXP TechSupport

Hi Josh,

There is an application note AN4507 about Kinetis product security and Flash protection feature.

When the Kinetis product be secured, the JTAG debug interface couldn't access the chip internal memory and registers.

While, even the Kinetis chip in secured status,  the internal routine also could do Flash erase and program.

Wish it helps.


Have a great day,
best regards,

Ma Hui

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

439 Views
mjbcswitzerland
Specialist V

Jost

If you set the secure mode in the Flash configuration (this has to be set in the boot loader) it is not possible to communicate with EzPort or JTAG without first performing a mass erase.

There is however no restriction to the code (boot loader or application) from writing internal Flash.

This is the typical method or protecting code (with or without a boot loader).

It is also possible to disable the JTAG interface but this is extreme and un-recoverable (also a Flash configuration setting).

Regards

Mark

Kinetis: µTasker Kinetis support

For the complete "out-of-the-box" Kinetis experience and faster time to market

0 Kudos