Cart New Account Login

HomeAbout usProductsSupportForumsBlogCustomer Service

search inside this forum
Flash Programming: Securing Kinetis devices using the FSEC register
David G. Sep 13, 2017 at 11:19 AM (11:19 hours)
Staff: Juan S.

  • I have a system that contains both a Kinetis KL02 and K20. Throughout the development of both boards I have successfully used the Kinetis Design Studio along with the Multilink Universal FX for debugging and flash programming. We nearing the end of the project’s development and looking at securing the devices using the FSEC register. Flashing a device with the security on causes a disruption of the flash program algorithm. Are there any suggestions for dealing with this scenario? Should I be requesting a custom programming algorithm?




    Comments

  • In Kinetis Design Studio, how are you performing flash programming? Are you attempting to start a debug session? If you are starting a debug session, the debugger will automatically unsecure a secured device.

    • Yes, the flash get mass erased as it would without security.
      Here is my some of the console dialog from the KL02 flashing

      Erasing.
      Module has been erased.
      Reloading programming algorithm ...
      done.
      CMD>PM

      Programming.
      Processing Object File Data ...

      .
      Programmed.
      CMD>VC
      Verifying object file CRC-16 to device ranges ...
      block 00000000-000000BF ...
      Ok.
      block 00000400-00001233 ...
      Calculated CRC-16 does not match block. (File = $4E65, Device = $365D)
      Error verifying flash of device
      Error occured during Flash programming.

      Device is secured. Erasing ...

      ***********************************************************************
      Then I get a pop up window "Error during flash programming. Terminating debug session"

      It appears to program, then attempts to verify a secure part and then errors out.

      Is there a method of verifying the code, then program FSEC? Then check to see if the part is secure?

  • What security value are you setting FSEC?

    • 0x7D

      Backdoor disabled
      Mass erase enabled
      Freescale access granted
      MCU secured

  • Could you please try 0x7C

    • 0x7C does perform a bit differently 

      Console code for 0x7C:

      CMD>EM

      Erasing.
      Module has been erased.
      Reloading programming algorithm ...
      done.
      CMD>PM

      Programming.
      Processing Object File Data ...

      .
      Programmed.
      CMD>VC
      Verifying object file CRC-16 to device ranges ...
      block 00000000-000000BF ...
      Ok.
      block 00000400-00001233 ...
      Ok.
      Checksum Verification Successful. (Cumulative CRC-16=$0F13)

      CMD>RE

      Initializing.
      Device is Secure.


      The I get a dialog "Device is secure. Erase to unsecure?"

      At this point if I select no (assuming the device is programmed), the console reports:

      Cannot enter background mode. Check connections.

      Device is secured. Erasing ...

      And we get a pop up, "Error during flash programming, Terminating debug session."

      Press OK and ...
      PE-ERROR: Error downloading to the device.
      Disconnected from "127.0.0.1" via 127.0.0.1
      Disconnected from "127.0.0.1" via 127.0.0.1
      Disconnected from "127.0.0.1" via 127.0.0.1
      Target Disconnected.

  • Strange, 

    In my test casee, when I click NO on the "Device is secure. Erase to unsecure?" pop up, I get:


    .
    Programmed.
    CMD>VC
    Verifying object file CRC-16 to device ranges ...
    block 00000000-000000BF ...
    Ok.

    block 00000400-0000067B ...
    Ok.

    Checksum Verification Successful. (Cumulative CRC-16=$7983)



    CMD>RE


    Initializing.
    Device is Secure.

    Cannot enter background mode. Check connections.
    Device is Secure.

    PE-ERROR: Error downloading to the device.
    Disconnected from "127.0.0.1" via 127.0.0.1
    Disconnected from "127.0.0.1" via 127.0.0.1
    Target Disconnected.
    Target Disconnected.


    When the device is secured, clicking NO on the "Device is secure. Erase to unsecure?" pop up, prevents the debugger from mass erasing the device. Once security is enabled, the debugger cannot force debug mode unless a mass erase is performed.

    What version of KDS are you using?

    • Kinetis Design Studio
      Version: 3.0.0
      I have upgraded to
      GNU ARM PEMicro Interface Debugging Support   3.1.4.201709111641

      Hit the Icon; Console reads ...

      Erasing.
      Module has been erased.
      Reloading programming algorithm ...
      done.
      CMD>PM

      Programming.
      Processing Object File Data ...

      .
      Programmed.
      CMD>VC
      Verifying object file CRC-16 to device ranges ...
      block 00000000-000000BF ...
      Ok.
      block 00000400-00001233 ...
      Ok.
      Checksum Verification Successful. (Cumulative CRC-16=$0F13)

      CMD>RE

      Initializing.
      Device is Secure.

      ***** Dialog box asking Erase to unsecure **** I answer NO
      ***** console continues with:

      Cannot enter background mode. Check connections.

      Device is secured. Erasing ...
      PE-ERROR: Error downloading to the device.
      Disconnected from "127.0.0.1" via 127.0.0.1
      Disconnected from "127.0.0.1" via 127.0.0.1
      Target Disconnected.

      Pretty much the same as yours with the exception of
      "Device is secured. Erasing ... "

  • Could you please try using version 3.2.0. That's the version I'm using.

    • Done, KDS 3.2.0 installed, and updated.

      I Press the Flash icon , Flash configurations come up, choose flash ...

      ***** Dialog box asking Erase to unsecure **** I answer YES
      ***** console continues with:


      Connection from "127.0.0.1" via 127.0.0.1
      Connection from "127.0.0.1" via 127.0.0.1
      Copyright 2017 P&E Microcomputer Systems,Inc.
      Command Line :C:\Freescale\KDS_3.2.0\eclipse\plugins\com.pemicro.debug.gdbjtag.pne_3.1.4.201709111641\win32\pegdbserver_console -device=NXP_KL0x_KL02Z16M4 -startserver -singlesession -serverport=7224 -gdbmiport=6224 -interface=USBMULTILINK -speed=5000 -pœ

      CMD>RE

      Initializing.
      Target has been RESET and is active.
      CMD>CM C:\Freescale\KDS_3.2.0\eclipse\plugins\com.pemicro.debug.gdbjtag.pne_3.1.4.201709111641\win32\gdi\P&E\supportFiles_ARM\NXP\KL0x\freescale_kl02z16m4_1x32x4k_pflash.arp

      Initializing.
      Initialized.

      ;version 1.01, 03/14/2013, Copyright 2013 P&E Microcomputer Systems, Inc. All rights reserved. www.pemicro.com [mk_16k_n_pflash_m0]

      ;device freescale, kl02z16m4, 1x32x4k, desc=pflash

      ;begin_cs device=$00000000, length=$00004000, ram=$20000000

      Loading programming algorithm ...

      WARNING - Selected .ARP file has been modified. CRC16 = $E2B0
      Done.
      CMD>VC
      Verifying object file CRC-16 to device ranges ...
      block 00000000-000000BF ...
      Calculated CRC-16 does not match block. (File = $DF8C, Device = $ED3C)

      CMD>EM

      Erasing.
      Module has been erased.
      Reloading programming algorithm ...
      done.
      CMD>PM

      Programming.
      Processing Object File Data ...


      .
      Programmed.
      CMD>VC
      Verifying object file CRC-16 to device ranges ...
      block 00000000-000000BF ...
      Ok.
      block 00000400-00001233 ...
      Ok.
      Checksum Verification Successful. (Cumulative CRC-16=$0F13)

      CMD>RE

      Initializing.
      Device is Secure.

      ***** Dialog box asking Erase to unsecure **** I answer NO
      ***** console continues with:

      Cannot enter background mode. Check connections.
      Device is Secure.

      ***** Dialog box asking Erase to unsecure **** I answer NO
      ***** console continues with:

      And then I get a pop up, "Error during flash programming, Terminating debug session."

      Press OK and ...

      PE-ERROR: Error downloading to the device.
      Disconnected from "127.0.0.1" via 127.0.0.1
      PE-ERROR: Exception Occured : Connection Closed Gracefully.
      Disconnected from "127.0.0.1" via 127.0.0.1
      Target Disconnected.



      Is this what I should expect?

  • Yes, that is what you should expect. Once the target has been programmed and  secured, to re-enter debug mode, a mass erase needs to be executed. By clicking no, you instruct the debugger not to perform a mass erase, leaving the target programmed and secured.

    • OK thanks for your help ... not that it matters for our pilot run but can I assume the part is programmed and secure when we see:

      "Checksum Verification Successful. (Cumulative CRC-16=$0F13)"

      If yes, is there anyway to kill that extra dialog?

      Finally, I will need to purchase a couple of Cyclones for our production environment. Does PEMicro have a loaner that we can test out work flow on? Ultimately we want to provide a programmed secure Cyclone to our contractor to accomplish what we have been discussing (programming code and security). Can you direct me to a sales contact?

  • There is no way to kill the extra dialog. 

    Unfortunately, PEMicro does not loan Cyclones.

    Depending on the type of purchase, you can find more information following the link below:

    http://www.pemicro.com/contact_us/index.cfm?showTab=2

    • Thanks,

  • Hi Juan, 
    I have purchased one Cyclone ACP programmer to test out the process before buying the second one. I have created a .SAP file for the KL02 project downloaded to the Cyclone and added the “Secure Device” command to the script. Programmed the board flawlessly! Awesome product, thanks.

    I have reviewed the PE website and the programming forum to see if I can find something about the .SAP file being encrypted. It would be great to be able to send our PCB manufacture the project.sap files via email when a revision occurs. In the forums I have read that the SAP file cannot be taken off the cyclone and that the S record cannot be extracted from the .SAP file.

    Can you point me to a document that would confirm that the .SAP file is indeed secure?

Add comment


   Want to comment? Please login or create a new PEMicro account.







© 2017 P&E Microcomputer Systems Inc.
Website Terms of Use and Sales Agreement