Datasheet

Chapter 25 256 KByte Flash Module (S12XFTM256K2V1)
MC9S12XE-Family Reference Manual Rev. 1.25
950 Freescale Semiconductor
The security state out of reset can be permanently changed by programming the security byte of the Flash
configuration field. This assumes that you are starting from a mode where the necessary P-Flash erase and
program commands are available and that the upper region of the P-Flash is unprotected. If the Flash
security byte is successfully programmed, its new value will take affect after the next MCU reset.
The following subsections describe these security-related subjects:
Unsecuring the MCU using Backdoor Key Access
Unsecuring the MCU in Special Single Chip Mode using BDM
Mode and Security Effects on Flash Command Availability
25.5.1 Unsecuring the MCU using Backdoor Key Access
The MCU may be unsecured by using the backdoor key access feature which requires knowledge of the
contents of the backdoor keys (four 16-bit words programmed at addresses 0x7F_FF00–0x7F_FF07). If
the KEYEN[1:0] bits are in the enabled state (see Section 25.3.2.2), the Verify Backdoor Access Key
command (see Section 25.4.2.12) allows the user to present four prospective keys for comparison to the
keys stored in the Flash memory via the Memory Controller. If the keys presented in the Verify Backdoor
Access Key command match the backdoor keys stored in the Flash memory, the SEC bits in the FSEC
register (see Table 25-12) will be changed to unsecure the MCU. Key values of 0x0000 and 0xFFFF are
not permitted as backdoor keys. While the Verify Backdoor Access Key command is active, P-Flash block
0 will not be available for read access and will return invalid data.
The user code stored in the P-Flash memory must have a method of receiving the backdoor keys from an
external stimulus. This external stimulus would typically be through one of the on-chip serial ports.
If the KEYEN[1:0] bits are in the enabled state (see Section 25.3.2.2), the MCU can be unsecured by the
backdoor key access sequence described below:
1. Follow the command sequence for the Verify Backdoor Access Key command as explained in
Section 25.4.2.12
2. If the Verify Backdoor Access Key command is successful, the MCU is unsecured and the
SEC[1:0] bits in the FSEC register are forced to the unsecure state of 10
The Verify Backdoor Access Key command is monitored by the Memory Controller and an illegal key will
prohibit future use of the Verify Backdoor Access Key command. A reset of the MCU is the only method
to re-enable the Verify Backdoor Access Key command.
After the backdoor keys have been correctly matched, the MCU will be unsecured. After the MCU is
unsecured, the sector containing the Flash security byte can be erased and the Flash security byte can be
reprogrammed to the unsecure state, if desired.
In the unsecure state, the user has full control of the contents of the backdoor keys by programming
addresses 0x7F_FF00–0x7F_FF07 in the Flash configuration field.
The security as defined in the Flash security byte (0x7F_FF0F) is not changed by using the Verify
Backdoor Access Key command sequence. The backdoor keys stored in addresses
0x7F_FF00–0x7F_FF07 are unaffected by the Verify Backdoor Access Key command sequence. After the
next reset of the MCU, the security state of the Flash module is determined by the Flash security byte