Hi,
> I found out that BDM interface is disabled totally when flash security is enabled.
Yes, this is because with the BDM, you could debug the MCU and read all of flash.
If you have not prepared for this scenario in advance, you most likely cannot reprogram flash on that MCU, using the BDM, even to erase it. In that case, the only option I found was to use the EzPort to do a bulk-erase, thereby unsecuring the flash.
With that said, when you enable flash security, that does not prevent the MCU itself from being able to read/write/erase the flash (assuming MCF_CFM_CFMPROT is temporarily reset to 0), so if you have a bootloader of some kind in your firmware, you can "update" flash and even clear the flash security bits. For this reason, your "update" process should first clear *all* of flash, before allowing the flash security bits to be changed -- otherwise, someone could again use this to access otherwise secure areas of flash.
We, for example, store AES encryption keys (not to mention the algorithmic code that accesses the keys!) in flash which we don't want anyone to be able to peek at -- whether using JTAG, BDM, or EzPort... So we turn on flash security. The only way out of that mode is either through a bootloader "update" process, where the MCU clears all of flash first, or through the EzPort bulk erase operation.
Hopefully that helps explain why folks would use flash security (and how you can fix a "brick" if you turned it on by mistake)?
-- Rich
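
The ordering described in the post above (wipe all of flash before the security bits are allowed to change), as an added example that is not part of the original post and is not vendor code. It is a host-side model: the page size, security-word offset and `SEC_ON` pattern are constructed, `cfmprot` only stands in for MCF_CFM_CFMPROT, and `fail_at_page` is a hypothetical test hook for an interrupted erase.

```c
#include <stdint.h>
#include <string.h>

/* Constructed host-side model; sizes, offsets and values are hypothetical. */
#define PAGE_SIZE  256u
#define PAGE_COUNT 8u
#define SEC_PAGE   0u       /* page holding the security word */
#define SEC_OFFSET 16u      /* byte offset of the security word in flash */
#define SEC_ON     0x5EC0u  /* constructed "secured" pattern; erased = unsecured */

static uint8_t  flash[PAGE_SIZE * PAGE_COUNT];
static uint32_t cfmprot = 0xFFFFFFFFu; /* stands in for MCF_CFM_CFMPROT */
static int      fail_at_page = -1;     /* test hook: erase of this page fails */

static int erase_page(unsigned p) {
    if (cfmprot != 0 || (int)p == fail_at_page) return -1;
    memset(&flash[p * PAGE_SIZE], 0xFF, PAGE_SIZE);
    return 0;
}

static int others_blank(void) {        /* every page except SEC_PAGE is erased */
    for (unsigned i = 0; i < sizeof flash; i++)
        if (i / PAGE_SIZE != SEC_PAGE && flash[i] != 0xFF) return 0;
    return 1;
}

int is_secured(void) {
    return (((unsigned)flash[SEC_OFFSET] << 8) | flash[SEC_OFFSET + 1]) == SEC_ON;
}

void provision_sample(void) {          /* constructed contents: secured + a key */
    memset(flash, 0xFF, sizeof flash);
    flash[SEC_OFFSET] = SEC_ON >> 8; flash[SEC_OFFSET + 1] = SEC_ON & 0xFF;
    memcpy(&flash[5 * PAGE_SIZE], "CONSTRUCTED-KEY!", 16);
}

/* Unsecure path: wipe data pages, verify blank, only then erase the security word. */
int bootloader_unsecure(void) {
    uint32_t saved = cfmprot;
    int rc = 0;
    cfmprot = 0;                                 /* temporarily lift protection */
    for (unsigned p = 0; p < PAGE_COUNT && rc == 0; p++)
        if (p != SEC_PAGE) rc = erase_page(p);   /* data pages first */
    if (rc == 0 && !others_blank()) rc = -1;     /* refuse if anything survived */
    if (rc == 0) rc = erase_page(SEC_PAGE);      /* security word goes last */
    cfmprot = saved;
    return rc;
}
int main(void) { provision_sample(); return bootloader_unsecure(); }
```

Erasing the page that holds the security word last means an interrupted wipe leaves the part still secured rather than unsecured with key material present. On real hardware the erase routine would have to run from RAM, which this model ignores.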