FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

mc9s12 damaged ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

mc9s12 damaged ?

‎09-12-2016 01:51 PM
1,110 Views
angelo_d
Senior Contributor I

Dear all,

 

working with mc9s12XEG128 (cpu id 0x2dd) doing some gcc tests with this mcu, looks like, from some wrong objcopy flag generating s19, i have programmed wrongly the mcu from Codewarrior "hiwave". Programming succeded but just after i cant re-program the flash anymore, getting several <timeout>. Background debugger can still connect but nothing more, any erase / program attempt fails in timeouts.

What do you suggest ?

I have also created a brand new CW project from wizard, for this part, nothing changes.

I can in case replace the IC but i hope i can recover someway.

 

thanks and regards,

angelo

Labels (1)
Labels
Reply
5 Replies

‎09-22-2016 02:08 AM
816 Views
angelo_d
Senior Contributor I

Hi Radek,

yes all solved, after mainly unsecure, rewriting that flash_array[] @0xFF00 i could recover the device successfully.

Many thanksm

angelo

0 Kudos
Reply

‎09-13-2016 09:11 AM
816 Views
angelo_d
Senior Contributor I

Dear Radek,

thanks for the kind reply.

Well, device looks already unsecured.

I tried both Code Warrior debugger menu ->HC12MultilinkCyclonePro->Unsecure and also P&E unsecure tool, both says device

is unsecured.

flash_01.png

Also, i suspect i erased the device ID .... or that the debugger can't read correct device ID, debugger menu "HC12MultilinkCyclonePro->Flash"  shows a strange 0x02dd value (and strange memory map), while i was expecting a 0xc082

flash_02.png

thanks

angelo

0 Kudos
Reply

‎09-14-2016 07:45 AM
816 Views
angelo_d
Senior Contributor I

Hi Radek and all,

i thought was s easy to brick this mcu. No, luckily, it is not. I followed this procedure:

* used cw 5.1

* created new project from template mc9s12xeg128

* unsecured mcu from menu

* added to main.c

const unsigned char flash_array[] @0xFF00 = {0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBD};

* build and programmed. But had still some error after programming, so tried from debugger "Flash" menu, selecting all needed popup sections. So i succeeded.

Still many thanks.

angelo

0 Kudos
Reply

‎09-16-2016 03:44 AM
816 Views
RadekS
NXP Employee
NXP Employee

Hi Angelo,

I am not aware of any way how to erase device ID from the customer side.

 

I see some Timeout on the picture with the debugging map and empty windows. It rather looks like some issue with connection to MCU (The BDM communication may be interrupted by reset or MCU may be secured).

When you modify any value in range 0xFF08~0xFF0F (as in your case), please enter FLASH NOUNSECURE command into preload file (your_project_dir\cmd\).

 

You are right, in debugger Flash menu you may erase the default flash security byte at address 0xFF0F and reprogram it by your s19 file. This is a second possible way how to avoid potential ECC error at 0xFF08~0xFF0F flash phrase.

I hope it helps you.

Have a great day,
Radek

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply

‎09-13-2016 12:53 AM
816 Views
RadekS
NXP Employee
NXP Employee

Hi Angelo,

According to your description, it rather looks like secured MCU.

Please try using the unsecure feature in CW In Code Warrior debugger menu ->MultilinkCyclonePro->Unsecure…

It should completely erase the whole MCU…

 

The reason for secured MCU may be probably ECC.

Datasheet says:

"If a double bit fault is detected while reading the P-Flash phrase containing the P-Flash protection byte during the reset sequence, the FPOPEN bit will be cleared and remaining bits in the FPROT register will be set to leave the P-Flash memory fully protected."

The security byte at 0xFF0F address is programmed to 0xFE by default. If we load any data into phrase 0xFF08~0xFF0F, we have to erase security byte first.

This may be solved by “FLASH NOUNSECURE” command in preload command file (P&E_Multilink_USB_Preload.cmd if you use PE Multilink).

 

See short description about S12(X) security for more details:

https://community.nxp.com/docs/DOC-93803

I hope it helps you.

Have a great day,
Radek

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply