Kinetis enable MKL13Z64 security sets MCU in hardfault

mohsin_butt · ‎07-14-2022

Hello Community,

We are observing strange behavior from MKL13Z64 MCU while setting flash security registers. The FSEC register has value 0xAA:

Backdoor key access enabled
Mass erase is disabled
Freescale factory access denied
MCU security status is unsecure

We have programmed the register by setting Flash Configuration Field in our SecondaryBootloader (SBL). The SBL loads application when it finds a valid checksum on a particular flash address otherwise, it starts ROM Bootloader. We cannot erase the flash which as expected is fine and the security status is unsecure we can connect using J-LINK for debugging. After initializing boot pins (BOARD_InitBootPins, which is empty) it gets hardfault and it resets. The only thing that changed in the SBL was the FSEC register value from 0xFE to 0xAA.

The value of FOPT register is 0x3D.

The backdoor key is also set but as the SBL gets into hardfault it does not start ROM bootloader and that is why we cannot use the backdoor key to start mass erase.

How can we rescue our board?

Thanks.

MCUXpresso IDE v11.1.0
SDK_2.x_MKL13Z64xxx4 2.8.0

EdwinHz · ‎07-19-2022

Hi @mohsin_butt,

I’m afraid that your board will most likely not be able to be recovered, specifically because of what you mention about not being able to use the backdoor key since the SBL is hard faulting.

mohsin_butt · ‎07-20-2022

@EdwinHzthanks for the reply.

What about the FSEC and FOPT values. Are they correct for the purpose that the debug port (JTAG/SWD) should be disabled for production?

What happens if in FSEC the MCU secure is enabled, backdoor key is enabled and mass erase is disabled, and we disable security using backdoor key? Is an automatic mass erase executed by ROM Bootloader or mass erase is then enabled? (We send backdoor key using blhost.exe after SBL starts ROM bootloader)

Thanks in advance.