LFDAS12XSFT Freescale Semiconductor, LFDAS12XSFT Datasheet - Page 655

LFDAS12XSFT

Manufacturer Part Number

LFDAS12XSFT

Description

HARDWARE MC9S12XS 80-PIN

Manufacturer

Freescale Semiconductor

Datasheet

1.LFDAS12XSCT.pdf (738 pages)

Specifications of LFDAS12XSFT

Module/board Type

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

For Use With/related Products

Current page: 655 of 738
Download datasheet (4Mb)

20.5.1

The MCU may be unsecured by using the backdoor key access feature which requires knowledge of the

contents of the backdoor keys (four 16-bit words programmed at addresses 0x7F_FF00–0x7F_FF07). If

the KEYEN[1:0] bits are in the enabled state (see

command (see

keys stored in the Flash memory via the Memory Controller. If the keys presented in the Verify Backdoor

Access Key command match the backdoor keys stored in the Flash memory, the SEC bits in the FSEC

not permitted as backdoor keys. While the Verify Backdoor Access Key command is active, P-Flash block

0 will not be available for read access and will return invalid data.

The user code stored in the P-Flash memory must have a method of receiving the backdoor keys from an

external stimulus. This external stimulus would typically be through one of the on-chip serial ports.

If the KEYEN[1:0] bits are in the enabled state (see

backdoor key access sequence described below:

The Verify Backdoor Access Key command is monitored by the Memory Controller and an illegal key will

prohibit future use of the Verify Backdoor Access Key command. A reset of the MCU is the only method

to re-enable the Verify Backdoor Access Key command.

After the backdoor keys have been correctly matched, the MCU will be unsecured. After the MCU is

unsecured, the sector containing the Flash security byte can be erased and the Flash security byte can be

reprogrammed to the unsecure state, if desired.

In the unsecure state, the user has full control of the contents of the backdoor keys by programming

addresses 0x7F_FF00–0x7F_FF07 in the Flash conﬁguration ﬁeld.

The security as deﬁned in the Flash security byte (0x7F_FF0F) is not changed by using the Verify

Backdoor Access Key command sequence. The backdoor keys stored in addresses

0x7F_FF00–0x7F_FF07 are unaffected by the Verify Backdoor Access Key command sequence. After the

next reset of the MCU, the security state of the Flash module is determined by the Flash security byte

(0x7F_FF0F). The Verify Backdoor Access Key command sequence has no effect on the program and

erase protections deﬁned in the Flash protection register, FPROT.

20.5.2

The MCU can be unsecured in special single chip mode by erasing the P-Flash and D-Flash memory by

one of the following methods:

Freescale Semiconductor

1. Follow the command sequence for the Verify Backdoor Access Key command as explained in

2. If the Verify Backdoor Access Key command is successful, the MCU is unsecured and the

•

Section 20.4.2.11

SEC[1:0] bits in the FSEC register are forced to the unsecure state of 10

Reset the MCU into special single chip mode, delay while the erase test is performed by the BDM,

send BDM commands to disable protection in the P-Flash and D-Flash memory, and execute the

Erase All Blocks command write sequence to erase the P-Flash and D-Flash memory.

Unsecuring the MCU using Backdoor Key Access

Unsecuring the MCU in Special Single Chip Mode using BDM

Table

Section

20-10) will be changed to unsecure the MCU. Key values of 0x0000 and 0xFFFF are

20.4.2.11) allows the user to present four prospective keys for comparison to the

S12XS Family Reference Manual, Rev. 1.11

Section

20.3.2.2), the Verify Backdoor Access Key

20.3.2.2), the MCU can be unsecured by the

64 KByte Flash Module (S12XFTMR64K1V1)

655

LFDAS12XSFT Freescale Semiconductor, LFDAS12XSFT Datasheet - Page 655

LFDAS12XSFT

Specifications of LFDAS12XSFT

Related parts for LFDAS12XSFT