Chapter 4 Memory
MC9S08DZ128 Series Data Sheet, Rev. 1
Freescale Semiconductor
75
which can be performed at the same time the FLASH memory is programmed. The 1:0 state disengages
security; the other three combinations engage security. Notice the erased state (1:1) makes the MCU
secure. During development, whenever the FLASH is erased, it is good practice to immediately program
the SEC0 bit to 0 in NVOPT so SEC = 1:0. This would allow the MCU to remain unsecured after a
subsequent reset.
The on-chip debug module cannot be enabled while the MCU is secure. The separate background debug
controller can be used for background memory access commands, but the MCU cannot enter active
background mode except by holding BKGD low at the rising edge of reset.
A user can choose to allow or disallow a security unlocking mechanism through an 8-byte backdoor
security key. If the nonvolatile KEYEN bit in NVOPT/FOPT is 0, the backdoor key is disabled and there
is no way to disengage security without completely erasing all FLASH locations. If KEYEN is 1, a secure
user program can temporarily disengage security by:
1. Writing 1 to KEYACC in the FCNFG register. This makes the FLASH module interpret writes to
the backdoor comparison key locations (NVBACKKEY through NVBACKKEY+7) as values to
be compared against the key rather than as the rst step in a FLASH program or erase command.
2. Writing the user-entered key values to the NVBACKKEY through NVBACKKEY+7 locations.
These writes must be performed in order starting with the value for NVBACKKEY and ending
with NVBACKKEY+7. STHX must not be used for these writes because these writes cannot be
performed on adjacent bus cycles. User software normally would get the key codes from outside
the MCU system through a communication interface such as a serial I/O.
3. Writing 0 to KEYACC in the FCNFG register. If the 8-byte key that was written matches the key
stored in the FLASH locations, SEC bits are automatically changed to 1:0 and security will be
disengaged until the next reset.
The security key can be written only from secure memory (either RAM, EEPROM, or FLASH), so it
cannot be entered through background commands without the cooperation of a secure user program.
The backdoor comparison key (NVBACKKEY through NVBACKKEY+7) is located in FLASH memory
locations in the nonvolatile register space so users can program these locations exactly as they would
program any other FLASH memory location. The nonvolatile registers are in the same 512-byte block of
FLASH as the reset and interrupt vectors, so block protecting that space also block protects the backdoor
comparison key. Block protects cannot be changed from user application programs, so if the vector space
is block protected, the backdoor security key mechanism cannot permanently change the block protect,
security settings, or the backdoor key.
Security can always be disengaged through the background debug interface by taking these steps:
1. Disable any block protections by writing FPROT. FPROT can be written only with background
debug commands, not from application software.
2. Mass erase FLASH if necessary.
3. Blank check FLASH. Provided FLASH is completely erased, security is disengaged until the next
reset.
To avoid returning to secure mode after the next reset, program NVOPT so SEC = 1:0.