S912XEG128J2VAL
| Model | S912XEG128J2VAL |
| Description | IC,MICROCONTROLLER,16-BIT,CPU12 CPU,CMOS,QFP,112PIN,PLASTIC |
| PDF file | Total 1327 pages (File size: 7M) |
| Chip Manufacturer | ROCHESTER |
Chapter 28 768 KByte Flash Module (S12XFTM768K4V2)
The following subsections describe these security-related subjects:
• Unsecuring the MCU using Backdoor Key Access
• Unsecuring the MCU in Special Single Chip Mode using BDM
• Mode and Security Effects on Flash Command Availability
28.5.1
Unsecuring the MCU using Backdoor Key Access
The MCU may be unsecured by using the backdoor key access feature which requires knowledge of the
contents of the backdoor keys (four 16-bit words programmed at addresses 0x7F_FF00–0x7F_FF07). If
the KEYEN[1:0] bits are in the enabled state (see
Section 28.3.2.2),
the Verify Backdoor Access Key
command (see
Section 28.4.2.12)
allows the user to present four prospective keys for comparison to the
keys stored in the Flash memory via the Memory Controller. If the keys presented in the Verify Backdoor
Access Key command match the backdoor keys stored in the Flash memory, the SEC bits in the FSEC
register (see
Table 28-12)
will be changed to unsecure the MCU. Key values of 0x0000 and 0xFFFF are
not permitted as backdoor keys. While the Verify Backdoor Access Key command is active, P-Flash block
0 will not be available for read access and will return invalid data.
The user code stored in the P-Flash memory must have a method of receiving the backdoor keys from an
external stimulus. This external stimulus would typically be through one of the on-chip serial ports.
If the KEYEN[1:0] bits are in the enabled state (see
Section 28.3.2.2),
the MCU can be unsecured by the
backdoor key access sequence described below:
1. Follow the command sequence for the Verify Backdoor Access Key command as explained in
Section 28.4.2.12
2. If the Verify Backdoor Access Key command is successful, the MCU is unsecured and the
SEC[1:0] bits in the FSEC register are forced to the unsecure state of 10
The Verify Backdoor Access Key command is monitored by the Memory Controller and an illegal key will
prohibit future use of the Verify Backdoor Access Key command. A reset of the MCU is the only method
to re-enable the Verify Backdoor Access Key command.
After the backdoor keys have been correctly matched, the MCU will be unsecured. After the MCU is
unsecured, the sector containing the Flash security byte can be erased and the Flash security byte can be
reprogrammed to the unsecure state, if desired.
In the unsecure state, the user has full control of the contents of the backdoor keys by programming
addresses 0x7F_FF00–0x7F_FF07 in the Flash configuration field.
The security as defined in the Flash security byte (0x7F_FF0F) is not changed by using the Verify
Backdoor Access Key command sequence. The backdoor keys stored in addresses
0x7F_FF00–0x7F_FF07 are unaffected by the Verify Backdoor Access Key command sequence. After the
next reset of the MCU, the security state of the Flash module is determined by the Flash security byte
MC9S12XE-Family Reference Manual , Rev. 1.19
1136
Freescale Semiconductor
Because of an order from the United States International Trade Commission, BGA-packaged product lines and part numbers indicated here currently are not
available from Freescale for import or sale in the United States prior to September 2010: S12XE products in 208 MAPBGA packages
The security state out of reset can be permanently changed by programming the security byte of the Flash
configuration field. This assumes that you are starting from a mode where the necessary P-Flash erase and
program commands are available and that the upper region of the P-Flash is unprotected. If the Flash
security byte is successfully programmed, its new value will take affect after the next MCU reset.
