Greetings,
I am using KDS v3.2 with Processor expert and a custom board.
I am wondering what some of my resources are for securing my firmware on my K22FN256LH12. Reading through this document https://www.nxp.com/docs/en/application-note/AN4507.pdf
1. I see there is a basic "Security Enable" for JTag, which I use to access the chip. This allows for me to just not be able to debug, without erasing the whole chip correct? Once it is flashed, it can no longer be debugged, only re-flashed correct?
2. Backdoor key enable. Once this is used, a person cannot do anything to the chip without the 64 bit key? This includes flashing, erase, reading and debug correct? If I get in, I have full control again to flash right? Also I am unsure how to issue the Verify Backdoor Access Key command, is there a method I can use/ Where is this value stored that I can use to compare?
3. Mass erase disable. Is this like a one shot? Once you flash it, that's how it stays forever?
4. Freescale Access, I assume I should not allow access. Since I'll do the analysis.
Is there anything I missed or any suggestions? I like the backdoor key if it allows full access if the right key is entered (can I change this key after I've gained access and reflash?), but it seems to need a lot of structure for it to setup.
Thanks!
Hi Christoper
Usually setting the secure mode is adequate for code protection since it is then not possible to read the content without first issuing a mass erase (resulting in a fresh chip again).
Be very careful with JTAG lockout with mass erase disable since this restricts any further external programming or debugging and results in a bricked development unit in most cases.
Regards
Mark
uTasker developer and supporter (+5'000 hours experience on +60 Kinetis derivatives in +80 product developments)
Kinetis: http://www.utasker.com/kinetis.html