Technical information

AN2216/D
22 MC9S12DP256 Software Development Using Metrowerk’s Codewarrior MOTOROLA
Flash Security

While no security feature can be 100% guaranteed to prevent access to an
MCU’s internal resources, the MC9S12DP256’s security mechanism makes it
extremely difficult to access the Flash or EEPROM contents. Once the security
mechanism has been enabled, access to the Flash and EEPROM either
through the BDM or the expanded bus is inhibited. Gaining access to either of
these resources may only be accomplished by erasing the contents of the
Flash and EEPROM or through a built-in back door mechanism. While having
a back door mechanism may seem to be a weakness of the security
mechanism, the target application must specifically support this feature for it to
operate.

Erasing the Flash or EEPROM can be accomplished using one of two methods.
The first method requires resetting the target MCU in Special Single-chip mode
and using the BDM interface. When a secured device is reset in Special
Single-chip mode, a special BDM security ROM becomes active. The program
in this small ROM performs a blank check of the Flash and EEPROM
memories. If both memory spaces are erased, the BDM firmware temporarily
disables device security, allowing full BDM functionality. However, if the Flash
or EEPROM are not blank, security remains active and only the BDM hardware
commands remain functional. In this mode the BDM commands are restricted
to reading and writing the I/O register space. Because all other BDM
commands and on-chip resources are disabled, the contents of the Flash and
EEPROM remain protected. This functionality is adequate to manipulate the
Flash and EEPROM control registers to erase their contents.

NOTE: Use of the BDM interface to erase the Flash and EEPROM memories is not
present in the initial mask set (0K36N) of the MC9S12DP256. Great care must
be exercised to ensure that the microcontroller is not programmed in a secure
state unless the back door mechanism is supported by the target firmware.

The second method requires the microcontroller to be connected to external
memory devices and reset in Expanded mode where a program can be
executed from the external memory to erase the Flash and EEPROM. This
method may be preferred before parts are placed in a target system.

As shown in Figure 22, the security mechanism is controlled by the two least
significant bits in the Security Byte. Because the only unsecured combination
is when SEC1 has a value of ‘1’ and SEC0 has a value of ‘0’, the microcontroller
will remain secured even after the Flash and EEPROM are erased since the
erased state of the security byte is $FF. As previously explained, even though
the device is secured after being erased, the part may be reset in Special
Single-chip mode allowing manipulation of the microcontroller via the BDM
interface. However, after erasing the Flash and EEPROM, the microcontroller
can be placed in the unsecured state by programming the security byte with a
value of $FE. Note that because the Flash must be programmed an aligned
word at a time and because the security byte resides at an odd address
($FF0F), the word at $FF0E must be programmed with a value of $FFFE.
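
The following host-side check is an added example, not code from this application note: it decodes the security byte as described above and inspects a firmware image before it is programmed, so a part is not secured by accident. It assumes the image is made of S1 records (16-bit addresses) with the security byte at $FF0F; the function names are hypothetical and the sample records are constructed.

```c
#include <stdio.h>
#include <string.h>

#define SEC_BYTE_ADDR 0xFF0Fu   /* security byte address given in the text */
#define ERASED_BYTE   0xFFu     /* erased Flash reads $FF */

/* Unsecured only when SEC1 = 1 and SEC0 = 0 (the two least significant bits). */
int is_unsecured(unsigned char sec) { return (sec & 0x03u) == 0x02u; }

/* Flash is programmed an aligned word at a time, so a byte destined for an
 * odd address is paired with the erased byte at the even address below it. */
unsigned word_for_odd_byte(unsigned char value) {
    return ((unsigned)ERASED_BYTE << 8) | value;
}

/* Scan S1 records for the byte stored at addr. Bytes the image does not
 * define stay erased ($FF). Record checksums are not verified here. */
unsigned char image_byte_at(const char *srec, unsigned addr) {
    unsigned char found = ERASED_BYTE;
    const char *p = srec;
    while ((p = strstr(p, "S1")) != NULL) {
        unsigned count, base, b;
        if (sscanf(p + 2, "%2x%4x", &count, &base) == 2 && count >= 3) {
            unsigned ndata = count - 3;   /* minus 2 address bytes and checksum */
            if (addr >= base && addr < base + ndata &&
                sscanf(p + 8 + 2 * (addr - base), "%2x", &b) == 1)
                found = (unsigned char)b;
        }
        p += 2;
    }
    return found;
}

int main(void) {
    /* Constructed sample images: one programs $FFFE at $FF0E, one omits it. */
    const char *with_sec = "S105FF0EFFFEF0\nS105FFFEC0003D\n";
    const char *without_sec = "S105FFFEC0003D\n";
    unsigned char a = image_byte_at(with_sec, SEC_BYTE_ADDR);
    unsigned char b = image_byte_at(without_sec, SEC_BYTE_ADDR);
    printf("image 1: $%02X -> %s\n", a, is_unsecured(a) ? "unsecured" : "SECURED");
    printf("image 2: $%02X -> %s\n", b, is_unsecured(b) ? "unsecured" : "SECURED");
    printf("word to program at $FF0E: $%04X\n", word_for_odd_byte(0xFE));
    return 0;
}
```

The second image never defines $FF0F, so the byte stays at its erased value and the part would come up secured, which is the case the NOTE above warns about.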