AnsweredAssumed Answered

K82 unintentionally secured by blhost, mass_erase does not work

Question asked by Tomas Vanek on Aug 3, 2016
Latest reply on Aug 3, 2016 by Tomas Vanek

I have a custom board with MK82FN256VLL15, QSPI flash Micron N25Q064A and USB interface.

In NXP_Kinetis_Bootloader_2_0_0 I modified qcb_S25FL129P.c to fit N25Q064A parameters, built qspi_config_block.bin and used linux/i386/elftosb to link QCB with KSDK_2.0/boards/twrk80f150m/demo_apps/hello_world_qspi_alias/ application. Then I used

      blhost -u -- receive-sb-file


First trial to program QSPI flash failed due to wrong definition of programming command in QCB LUT. After first programing the MCU responded to blhost read-memory.

Then I retried with changed QCB. blhost programming failed and MCU got locked! blhost read-memory and other commands now reports:

     $ blhost -u -- read-memory 0 32

     Inject command 'read-memory'

     Response status = 10001 (0x2711) Command disallowed when security is enabled.

     Response word 1 = 0 (0x0)

     Read 0 of 32 bytes.


I connected the board to a SWD adapter and used OpenOCD to mass erase MCU. Unfortunately mass erase does not work, MCU stays locked. MDM-AP status register reads 0x3e (or 0x3f after mass erase and 0x36 with reset asserted) - so Mass Erase Enable bit indicates that mass erase should be possible. Please help unlocking the MCU.