Hi,

I've a problem with processor security against reading the content of FLASH/EEPROM by unauthorised persons.

I've read the documentation and application notes (AN2206 etc.) but I'm still unsure how the security should be made.
My project is based on the MC9S12DG128 processor, which works in SINGLE CHIP mode.
The program uses EEPROM memory for configuration parameters.

The first version of the program is loaded via BDM. The next versions are loaded via SCI (upgrade).

My questions:

1) When I put the MCU into secured mode (by setting @0xFF0F = 0x80) I lose access to EEPROM memory.
I have to access the EEPROM. What should I do?

2) Is it possible to secure the BDM interface without securing the Flash and EEPROM memory? I need to upgrade the program via SCI and need access to Flash via SCI. When I get to secured mode I don't have access to Flash via SCI. How to resolve this?

3) I need to upgrade the program via SCI and need access to Flash via SCI, and need to have a secured MCU (BDM interface) at the same time.
But when I unsecure the MCU by Password/Backdoor key via SCI, the MCU stays unsecured.

It is dangerous. Someone can read the content of the FLASH and EEPROM (until the next reset of course) at this moment.

What is the solution to this?

I would be grateful for any ideas.
Dariusz Kusinski

Security of MC9S12DG128 MCU
Started by ●November 1, 2004
Reply by ●November 2, 2004
Dariusz,

You didn't mention what mask-set of the MC9S12DG128 you are using.

For security, I would advise against using the earlier mask sets - 0L85D or 1L85D. These earlier mask-sets don't have security fully working, and may also have some bugs that prevent the Flash and EEPROM from being written when the part is secured (I believe there was a recent post to this list about such a bug on an earlier mask set of the MC9S12A256).

MC9S12DG128 mask sets 0L40K - 4L40K, and 3L58S are supposed to have the security fully working. These mask sets also allow writing to the Flash and EEPROM while the part is secured. Please note there are two separate mechanisms for the Flash and EEPROM - security and protection. On parts that have security fully working and free of initial silicon bugs, you can keep the security mechanism on, and write to the Flash and EEPROM by keeping the Flash and EEPROM un-protected.

Hope this helps,
Doron
Nohau Corporation
HC12 In-Circuit Emulators
www.nohau.com/emul12pc.html

At 23:51 01/11/2004 +0100, you wrote:
> Hi,
>
> I've a problem with processor security against reading the content of FLASH/EEPROM by unauthorised persons.
>
> I've read the documentation and application notes (AN2206 etc.) but I'm still unsure how the security should be made.
> My project is based on the MC9S12DG128 processor, which works in SINGLE CHIP mode.
> The program uses EEPROM memory for configuration parameters.
>
> The first version of the program is loaded via BDM. The next versions are loaded via SCI (upgrade).
>
> My questions:
>
> 1) When I put the MCU into secured mode (by setting @0xFF0F = 0x80) I lose access to EEPROM memory.
> I have to access the EEPROM. What should I do?
>
> 2) Is it possible to secure the BDM interface without securing the Flash and EEPROM memory? I need to upgrade the program via SCI and need access to Flash via SCI. When I get to secured mode I don't have access to Flash via SCI. How to resolve this?
>
> 3) I need to upgrade the program via SCI and need access to Flash via SCI, and need to have a secured MCU (BDM interface) at the same time.
> But when I unsecure the MCU by Password/Backdoor key via SCI, the MCU stays unsecured.
>
> It is dangerous. Someone can read the content of the FLASH and EEPROM (until the next reset of course) at this moment.
>
> What is the solution to this?
>
> I would be grateful for any ideas.
> Dariusz Kusinski

Reply by ●November 2, 2004
The 9S12 family has two separate mechanisms:

1) Protection - prevents accidental changes to the content of FLASH or EEPROM, and
2) Security - a security feature preventing the unauthorized read and write of the memory contents.

The secured state of operation means that nobody can read the content of the internal FLASH or EEPROM memories via BDM (Background Debug Mode).

Since you mentioned your mask set is 0L85D, your microcontroller should be MC9S12DT128B. This microcontroller has two mask sets, 0L85D and 1L85D. Unfortunately both of these mask sets have the following errata numbers:

MUCts00639: EEPROM "Program & erase blocked in normal single chip mode when secure"
MUCts00644: FLASH "Program & erase blocked in normal single chip mode when secure"

A detailed description can be found at these web links:
http://www.freescale.com/files/microcontrollers/doc/errata/MSE9S12DT128B_0L85D.pdf
http://www.freescale.com/files/microcontrollers/doc/errata/MSE9S12DT128B_1L85D.pdf

So you cannot change the content of EEPROM or FLASH in your software on a device which operates in single chip and secure state. As a solution you should use the new mask sets, which have these errata fixed. Please see the page of the microcontroller MC9S12DG128 (note there is no B suffix):
http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MC9S12DG128
and, for example, the errata documents for mask sets 3L40K or 4L40K:
http://www.freescale.com/files/microcontrollers/doc/errata/MSE9S12DT128_3L40K.pdf
http://www.freescale.com/files/microcontrollers/doc/errata/MSE9S12DT128_4L40K.pdf

On these mask sets you can program/change the FLASH and EEPROM in your software when the device is secured.

Additional info regarding the secured mode of operation can be found in the Device User Guide document:
http://www.freescale.com/files/microcontrollers/doc/data_sheet/9S12DT128DGV2.pdf
"4.3.2.1 Normal Single Chip Mode": "This will be the most common usage of the secured part. Everything will appear the same as if the part was not secured with the exception of BDM operation. The BDM operation will be blocked."

Jasa

--- In , Doron Fael <doronf@n...> wrote:
> Dariusz,
>
> You didn't mention what mask-set of the MC9S12DG128 you are using.
>
> For security, I would advise against using the earlier mask sets - 0L85D or 1L85D. These earlier mask-sets don't have security fully working, and may also have some bugs that prevent the Flash and EEPROM from being written when the part is secured (I believe there was a recent post to this list about such a bug on an earlier mask set of the MC9S12A256).
>
> MC9S12DG128 mask sets 0L40K - 4L40K, and 3L58S are supposed to have the security fully working. These mask sets also allow writing to the Flash and EEPROM while the part is secured. Please note there are two separate mechanisms for the Flash and EEPROM - security and protection. On parts that have security fully working and free of initial silicon bugs, you can keep the security mechanism on, and write to the Flash and EEPROM by keeping the Flash and EEPROM un-protected.
>
> Hope this helps,
> Doron
> Nohau Corporation
> HC12 In-Circuit Emulators
> www.nohau.com/emul12pc.html
>
> At 23:51 01/11/2004 +0100, you wrote:
> > Hi,
> >
> > I've a problem with processor security against reading the content of FLASH/EEPROM by unauthorised persons.
> >
> > I've read the documentation and application notes (AN2206 etc.) but I'm still unsure how the security should be made.
> > My project is based on the MC9S12DG128 processor, which works in SINGLE CHIP mode.
> > The program uses EEPROM memory for configuration parameters.
> >
> > The first version of the program is loaded via BDM. The next versions are loaded via SCI (upgrade).
> >
> > My questions:
> >
> > 1) When I put the MCU into secured mode (by setting @0xFF0F = 0x80) I lose access to EEPROM memory.
> > I have to access the EEPROM. What should I do?
> >
> > 2) Is it possible to secure the BDM interface without securing the Flash and EEPROM memory? I need to upgrade the program via SCI and need access to Flash via SCI. When I get to secured mode I don't have access to Flash via SCI. How to resolve this?
> >
> > 3) I need to upgrade the program via SCI and need access to Flash via SCI, and need to have a secured MCU (BDM interface) at the same time.
> > But when I unsecure the MCU by Password/Backdoor key via SCI, the MCU stays unsecured.
> >
> > It is dangerous. Someone can read the content of the FLASH and EEPROM (until the next reset of course) at this moment.
> >
> > What is the solution to this?
> >
> > I would be grateful for any ideas.
> > Dariusz Kusinski

Reply by ●November 2, 2004
Hi,

Unfortunately, we have got the 0L85D mask-set, probably 10k chips. Sit and cry :-(

OK, "un-secure" is some solution for today. But when I un-secure the MCU by Password/Backdoor key via SCI, the MCU stays un-secured. I can keep the Flash and EEPROM un-secured, but it is dangerous. Someone can read the content of the FLASH and EEPROM via BDM (until the next reset of course) at this moment. Am I wrong?

Dariusz

--- In , Doron Fael <doronf@n...> wrote:
> Dariusz,
>
> You didn't mention what mask-set of the MC9S12DG128 you are using.
>
> For security, I would advise against using the earlier mask sets - 0L85D or 1L85D. These earlier mask-sets don't have security fully working, and may also have some bugs that prevent the Flash and EEPROM from being written when the part is secured (I believe there was a recent post to this list about such a bug on an earlier mask set of the MC9S12A256).
>
> MC9S12DG128 mask sets 0L40K - 4L40K, and 3L58S are supposed to have the security fully working. These mask sets also allow writing to the Flash and EEPROM while the part is secured. Please note there are two separate mechanisms for the Flash and EEPROM - security and protection. On parts that have security fully working and free of initial silicon bugs, you can keep the security mechanism on, and write to the Flash and EEPROM by keeping the Flash and EEPROM un-protected.
>
> Hope this helps,
> Doron
> Nohau Corporation
> HC12 In-Circuit Emulators
> www.nohau.com/emul12pc.html
>
> At 23:51 01/11/2004 +0100, you wrote:
> > Hi,
> >
> > I've a problem with processor security against reading the content of FLASH/EEPROM by unauthorised persons.
> >
> > I've read the documentation and application notes (AN2206 etc.) but I'm still unsure how the security should be made.
> > My project is based on the MC9S12DG128 processor, which works in SINGLE CHIP mode.
> > The program uses EEPROM memory for configuration parameters.
> >
> > The first version of the program is loaded via BDM. The next versions are loaded via SCI (upgrade).
> >
> > My questions:
> >
> > 1) When I put the MCU into secured mode (by setting @0xFF0F = 0x80) I lose access to EEPROM memory.
> > I have to access the EEPROM. What should I do?
> >
> > 2) Is it possible to secure the BDM interface without securing the Flash and EEPROM memory? I need to upgrade the program via SCI and need access to Flash via SCI. When I get to secured mode I don't have access to Flash via SCI. How to resolve this?
> >
> > 3) I need to upgrade the program via SCI and need access to Flash via SCI, and need to have a secured MCU (BDM interface) at the same time.
> > But when I unsecure the MCU by Password/Backdoor key via SCI, the MCU stays unsecured.
> >
> > It is dangerous. Someone can read the content of the FLASH and EEPROM (until the next reset of course) at this moment.
> >
> > What is the solution to this?
> >
> > I would be grateful for any ideas.
> > Dariusz Kusinski