DEMO9S08LIN Freescale, DEMO9S08LIN Datasheet - Page 55

DEMO9S08LIN

Manufacturer Part Number

DEMO9S08LIN

Description

Manufacturer

Freescale

Datasheet

1.DEMO9S08LIN.pdf (360 pages)

Specifications of DEMO9S08LIN

Lead Free Status / RoHS Status

Compliant

Current page: 55 of 360
Download datasheet (4Mb)

makes the MCU secure. During development, whenever the FLASH is erased, it is good practice to

immediately program the SEC00 bit to 0 in NVOPT so SEC01:SEC00 = 1:0. This would allow the MCU

to remain unsecured after a subsequent reset.

The on-chip debug module cannot be enabled while the MCU is secure. The separate background debug

controller can still be used for background memory access commands, but the MCU cannot enter active

background mode except by holding BKGD/MS low at the rising edge of reset.

A user can choose to allow or disallow a security unlocking mechanism through an 8-byte backdoor

security key. If the nonvolatile KEYEN bit in NVOPT/FOPT is 0, the backdoor key is disabled and there

is no way to disengage security without completely erasing all FLASH locations. If KEYEN is 1, a secure

user program can temporarily disengage security by:

The security key can be written only from secure memory (either RAM or FLASH), so it cannot be entered

through background commands without the cooperation of a secure user program.

The backdoor comparison key (NVBACKKEY through NVBACKKEY+7) is located in FLASH memory

locations in the nonvolatile register space so users can program these locations just as they would program

any other FLASH memory location. The nonvolatile registers are in the same 512-byte block of FLASH

as the reset and interrupt vectors, so block protecting that space also block protects the backdoor

comparison key. Block protects cannot be changed from user application programs, so if the vector space

is block protected, the backdoor security key mechanism cannot permanently change the block protect,

security settings, or the backdoor key.

Security can always be disengaged through the background debug interface by performing these steps:

Freescale Semiconductor

1. Writing 1 to KEYACC in the FCNFG register. This makes the FLASH module interpret writes to

2. Writing the user-entered key values to the NVBACKKEY through NVBACKKEY+7 locations.

3. Writing 0 to KEYACC in the FCNFG register. If the 8-byte key that was just written matches the

1. Disable any block protections by writing FPROT. FPROT can be written only with background

2. Mass erase FLASH, if necessary.

3. Blank check FLASH. Provided FLASH is completely erased, security is disengaged until the next

the backdoor comparison key locations (NVBACKKEY through NVBACKKEY+7) as values to

be compared against the key rather than as the ﬁrst step in a FLASH program or erase command.

These writes must be done in order, starting with the value for NVBACKKEY and ending with

NVBACKKEY+7. STHX should not be used for these writes because these writes cannot be done

on adjacent bus cycles. User software normally would get the key codes from outside the MCU

system through a communication interface such as a serial I/O.

key stored in the FLASH locations, SEC01:SEC00 are automatically changed to 1:0 and security

will be disengaged until the next reset.

debug commands, not from application software.

reset.

To avoid returning to secure mode after the next reset, program NVOPT so SEC01:SEC00 = 1:0.

MC9S08LC60 Series Data Sheet: Technical Data, Rev. 4

Chapter 4 Memory