MM912_634 Advance Information, Rev. 10.0
Freescale Semiconductor
5.35.0.2.2 Special Single Chip Mode (SS)
• BDM firmware commands are disabled.
• BDM hardware commands are restricted to the register space.
• Execution of Flash and EEPROM commands is restricted. Please refer to the NVM block guide for details.
• Tracing code execution using the DBG module is disabled.
Special single chip mode means BDM is active after reset. The availability of BDM firmware commands depends on the security
state of the device. The BDM secure firmware first performs a blank check of both the Flash memory and the EEPROM. If the
blank check succeeds, security will be temporarily turned off and the state of the security bits in the appropriate Flash memory
location can be changed. If the blank check fails, security will remain active, only the BDM hardware commands will be enabled,
and the accessible memory space is restricted to the peripheral register area. This will allow the BDM to be used to erase the
EEPROM and Flash memory without giving access to their contents. After erasing both Flash memory and EEPROM, another
reset into special single chip mode will cause the blank check to succeed and the options/security byte can be programmed to
“unsecured” state via BDM.
While the BDM is executing the blank check, the BDM interface is completely blocked, which means that all BDM commands are
temporarily blocked.
5.35.0.2.3 Executing from Internal Memory in Expanded Mode
The user may choose to operate from internal memory while in expanded mode. To do this the user must start in single chip mode
and write to the mode bits selecting expanded operation. In this mode internal visibility and IPIPE are blocked. If the user's
program tries to execute from outside the program memory space (internal space occupied by the FLASH), the FLASH and
EEPROM will be disabled. BDM operations will be blocked.
If the user begins operation in single chip mode with security on, the user is constrained to operate out of internal memory - even
if the user changes to expanded mode. To accomplish this the MMC needs to register that the part started in single chip mode
and was secured. The CPU will provide the state of the two high-order bits of the Program Counter. All this information, plus the
firmware size information, is used to determine that the part is executing in the proper space. If the program strays, the selects
for FLASH and EEPROM are disabled by the MMC until the part goes through reset.
5.35.0.2.4 Unsecuring the Microcontroller
Unsecuring the microcontroller can be done by three different methods:
1. Backdoor key access
2. Reprogramming the security bits
3. Complete memory erase (special modes)
5.35.0.2.5 Unsecuring the MCU Using the Backdoor Key Access
In normal modes (single chip and expanded), security can be temporarily disabled using the backdoor key access method. This
method requires that:
• The backdoor key at 0xFF00–0xFF07 (= global addresses 0x7F_FF00–0x7F_FF07) has been programmed to a valid value.
• The KEYEN[1:0] bits within the Flash options/security byte select ‘enabled’.
• In single chip mode, the application program programmed into the microcontroller must be designed to have the capability to write to the backdoor key locations.
The backdoor key values themselves would not normally be stored within the application data, which means the application
program would have to be designed to receive the backdoor key values from an external source (e.g. through a serial port).
The backdoor key access method allows debugging of a secured microcontroller without having to erase the Flash. This is
particularly useful for failure analysis.
NOTE
No word of the backdoor key is allowed to have the value 0x0000 or 0xFFFF.
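The following is an added example, not code from the data sheet: a host-side check that a firmware image carries a usable backdoor key before it is programmed, applying the rule in the NOTE to the four 16-bit words at 0xFF00–0xFF07. The function names, the flat 512-byte image of sector 0xFE00–0xFFFF, the 0xFF erased value and the sample keys are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses from the text above; the flat sector-image layout is an assumption. */
#define SECTOR_BASE 0xFE00u /* Flash sector 0xFE00-0xFFFF */
#define SECTOR_SIZE 0x0200u
#define KEY_BASE    0xFF00u /* backdoor key 0xFF00-0xFF07 */
#define KEY_WORDS   4u      /* 8 bytes = four 16-bit words */

/* Returns 0 if every key word is allowed, the 1-based index of the first
 * word equal to 0x0000 or 0xFFFF otherwise, or -1 on a short/NULL image. */
int backdoor_key_check(const uint8_t *sector, size_t len)
{
    if (sector == NULL || len < SECTOR_SIZE)
        return -1;
    const uint8_t *key = sector + (KEY_BASE - SECTOR_BASE);
    for (unsigned i = 0; i < KEY_WORDS; i++) {
        /* Both forbidden values are byte-symmetric, so byte order is moot. */
        uint16_t w = (uint16_t)((key[2 * i] << 8) | key[2 * i + 1]);
        if (w == 0x0000u || w == 0xFFFFu)
            return (int)i + 1;
    }
    return 0;
}

/* Constructed sample keys (not real key material). */
static const uint8_t KEY_GOOD[8]   = {0x3A,0x91,0x5C,0x07,0xE2,0x4D,0x18,0xB6};
static const uint8_t KEY_ERASED[8] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
static const uint8_t KEY_ZERO3[8]  = {0x3A,0x91,0x5C,0x07,0x00,0x00,0x18,0xB6};

/* Builds a constructed sector image (erased bytes assumed to read 0xFF)
 * holding the given key, then runs the check on it. */
int check_sample(const uint8_t key[8])
{
    uint8_t sector[SECTOR_SIZE];
    for (size_t i = 0; i < sizeof sector; i++)
        sector[i] = 0xFF;
    for (size_t i = 0; i < 8; i++)
        sector[(KEY_BASE - SECTOR_BASE) + i] = key[i];
    return backdoor_key_check(sector, sizeof sector);
}

int main(void)
{
    printf("good=%d erased=%d zero-word=%d\n", check_sample(KEY_GOOD),
           check_sample(KEY_ERASED), check_sample(KEY_ZERO3));
    return 0;
}
```

A key field left unprogrammed fails at word 1, so an image that enables KEYEN without setting a key is caught before it reaches the part.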
5.35.0.3 Reprogramming the Security Bits
In normal single chip mode (NS), security can also be disabled by erasing and reprogramming the security bits within Flash
options/security byte to the unsecured value. Because the erase operation will erase the entire sector from 0xFE00–0xFFFF
(0x7F_FE00–0x7F_FFFF), the backdoor key and the interrupt vectors will also be erased; this method is not recommended for
normal single chip mode. The application software can only erase and program the Flash options/security byte if the Flash sector