S12 / MagniV微控制器知识库


S12 / MagniV Microcontrollers Knowledge Base



Customers are sometimes asking for reference schematics, so here is a batch of minimal configurations for main representatives of S12(X) family. Attached is also document that should answer most common questions. Hope this will help. Lukas
S12(X) MCU Secure: There’s a security byte in the flash memory at address 0xFF0F that should be programmed appropriately. Datasheet says: “The contents of the Flash Protection/Options byte at $FF0F in the Flash Protection/Options Field must be changed directly by programming $FF0F when the device is unsecured and the higher address sector is unprotected. If the Flash Protection/Options byte is left in the secure state, any reset will cause the MCU to return to the secure operating mode.”   If you use CodeWarrior then you can use the syntax as follows: const unsigned char secure @0xFF0F = 0xFC;   If the security is enabled then: - internal flash memory cannot be read via BDM device. - debug features are disabled. For more information see the description of FSEC register in datasheet.   I would like also recommend our application note AN2400 HCS12 NVM Guidelines: http://www.freescale.com/files/microcontrollers/doc/app_note/AN2400.pdf AN2880 Using the Backdoor Access Capability to Unsecure HCS12 MCUs: http://www.freescale.com/files/microcontrollers/doc/app_note/AN2880.pdf http://www.freescale.com/webapp/sps/download/license.jsp?colCode=AN2880SW     Security at S12(X) MCUs with 180nm Flash: This is related to all S12(X) MCUs with 180nm Flash with ECC (S12G, S12HY, S12P, S12XE, S12XF, S12XHY,  S12XS, MM912G634, MM912H634, MM912J637 and S12VR):   If we load the flash security byte together with other code, ****************** c code example: //set backdoor key and secure the flash (set flash security byte to 0xBD): const unsigned char flash_array[] @0xFF00 = {0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBD}; ****************** then we have to add following command to preload command file (P&E_Multilink_USB_Preload.cmd if you use PE Multilink):   FLASH NOUNSECURE   This command will ensure that the burner will not change security byte to unsecured state prior to programming. That's normal way: the MCU is erased, flash security byte is programmed to default unsecure state (0xFE) and then the code is loaded. We just have to turn off the programming of security byte.   Why: The cumulative bits within the phrase is not allowed. If the flash security byte at address 0xFF0F is not erased prior to programming of the new value then the ECC checksum of this phrase is corrupted and the MCU will be left in secured state and the flash will be fully protected after next reset.   Datasheet says: "If a double bit fault is detected while reading the P-Flash phrase containing the P-Flash protection byte during the reset sequence, the FPOPEN bit will be cleared and remaining bits in the FPROT register will be set to leave the P-Flash memory fully protected."   "If a double bit fault is detected while reading the P-Flash phrase containing the Flash security byte during the reset sequence, all bits in the FSEC register will be set to leave the Flash module in a secured state with backdoor key access disabled."   The same for D-Flash...   S12(X) unsecure: Unsecure is possible by three ways: 1. Backdoor key access(temporary) 2. Reprogramming the security bits 3. Complete memory erase (special modes) Ad1) For secure and backdoor key you set 16bytes on address 0xFF00. The backdoor key access method allows debugging of a secured microcontroller without having to erase the Flash. This is particularly useful for failure analysis. For unsecure by backdoor key you use special flash command 0C (caption Verify Backdoor Access Key Command in reference manual). No word of the backdoor key is allowed to have the value 0x0000 or 0xFFFF. Unsecure is valid only till reset. If an invalid attempt is made to verify the Backdoor Keys the command will be locked out until a power down occurs.  Ad2) In normal single chip mode (NS), security can also be disabled by erasing and reprogramming the security bits within Flash options/security byte to the unsecured value. Because the erase operation will erase the entire sector from 0xFE00–0xFFFF, the backdoor key and the interrupt vectors will also be erased; this method is not recommended for normal single chip mode. Ad3) Complete mass erase by BDM device(in special mode). In Code Warior debugger menu ->MultilinkCyclonePro->Unsecure… If not work you can use unsecure12 from P&E: http://www.pemicro.com/downloads/download_file.cfm?download_id=16 Unsecure_12 Help Files: http://www.pemicro.com/downloads/download_file.cfm?download_id=14 Note: For downloading is necessary registration.
Example code pack for S12G contains simple code examples how to initialize and how to use MCU module/feature. List of examples: G128-API_wakeup_from_Stop_Mode G128-Clock and COP examples G128-Interrupt_catcher-CW51 G128-LIN-CW51 G128-PLL_PEEmode-CW51 G128-Security-CW51 G240-API+STOP-CW51 G240-API-CW51 G240-ATD+GPIO-CW51 G240-ATD-Continuous_conversion_with_interrupt-CW51 G240-ATD-Multichannel_single_conversion-CW51 G240-ATD-Single_conversion-CW51 G240-Checksum-CW51 G240-Flash-CW51 G240-PLL-PBE_mode-CW51 G240-PLL-PEE_mode-CW51 G240-PLL-PEI_mode-CW51 G240-TIM_50us_interval-CW51 G240-TIM_50us_period-CW51 GN32-EEPROM-EW-CW51 GN32-LIN-CW51 GN32-PWM16b_GPIO GN32-PWM_8bit-CW51 GN32-SCI_SPI_Gateway-CW51 GN32-SCI_wake_up_from_stop-CW51   Oct-22-2013 Update: I added G128-CAN-CW51, G240-SPI-MC33810-CW51, G240-SPI-Slave examples. I added PLL calculator. I fixed error in GN32-EEPROM-EW-CW51 example code.   Aug-21-2015 Update: Updated G240-Flash-CW51 example code. Removed image files and object code from projects (9MB->2MB size)
Interrupt catcher you can use for debugging or directly in your software. Few notes: 1. You should replace lines for expected interrupt by your interrupts routines as in example of SCI0 interrupt routine. 2. All interrupt vectors are only 16bit addresses, therefore all your interrupt routines must be placed in non banked memory (for example by #pragma commands) 3. Interrupt number 0 presents POR reset vector, 1 is CM reset, 2 is COP reset, … , 119 is Spurious Interrupt. Interrupt number = (0xFE-Vector Address)/2. See Table Interrupt Vector Locations at RM. For Example: Interrupt number of SCI0 = (0xFE-D6)/2 = 0x14 = 20.
Dear reader,   There is extended information provided in the attached document. it contains detailed description "how-to", example design, detailed memory maps and code examples.   Also tested example projects created under CodeWarrior are attached.   I believe the document as well as SW examples will help you in the design and avoid mistakes we have met under our work in the S12(X) support team.   Yours sincerely,   Ladislav