MC3S12RG128 Datasheet, PDF(441/546 Page) Freescale Semiconductor, Inc – Microcontrollers

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

MC3S12RG128 Datasheet, PDF (441/546 Pages) Freescale Semiconductor, Inc – Microcontrollers

◁

Chapter 15 Read-Only Memory 64K x 16 (ROM64KX16V1) Block Description

15.4.1.1 Security and Backdoor Key Access deï¬nition

Security is engaged or disengaged based on the state of two non-volatile register bits (SEC[1:0]) in the

ROPT register. During reset, the contents of the non-volatile location NVOPT are copied from ROM into

the working ROPT register in high-page register space.

A user engages security by deï¬ning the security bits in the NVOPT location to select security enabled. This

data is included along with the ROM program and data ï¬le which is delivered when ordering a ROM

device. The SEC[1:0] = â10â state disengages security while the other three combinations engage security.

In a similar manner the user can choose to allow or disallow a security unlocking mechanism through an

8-byte backdoor security key. There is no way to disable security unless the non-volatile KEYEN[1:0] bits

in NVOPT/ROPT are set to â10â.

NOTE

On Mask-ROM devices the backdoor key is also used to protect access to

internal product analysis features. No product analysis will be possible on a

secured ROM if backdoor key access is disabled or keywords are invalid.

15.4.1.2 Unsecuring the MCU using the Backdoor Key Access

Provided that the key access is permitted, security can be disabled by the backdoor access sequence

described below:

1. Write 1 to KEYACC in the RCNFG register. This causes the ROM control logic to block read

accesses to the ROM array and to interpret writes to the backdoor comparison key locations

(NVBACKKEY+0x0000 through NVBACKKEY+0x0007) as values to be compared against the

key rather than as writes to ROM locations.

2. Write the correct four 16-bit key values to addresses NVBACKKEY+0x0000 through

NVBACKKEY+0x0007 locations. These writes must be done in order starting with the value for

NVBACKKEY+0x0000 and ending with NVBACKKEY+0x0007. User software normally would

get the key codes from outside the MCU system through a communication interface such as a serial

I/O.

3. Write 0 to KEYACC in the RCNFG register. If the 8-byte key that was just written matches the key

stored in the backdoor comparison key locations, SEC[1:0] in the ROPT register are automatically

changed to â10â and security will be disengaged until the next system reset.

The security key can be written only from a secure memory, so it cannot be entered through background

commands without the cooperation of a secure user program.

15.5 Initialization Information

15.5.1 Resets

The contents of the ROM array are unaffected by reset.

MC3S12RG128 Data Sheet, Rev. 1.05

Freescale Semiconductor

441

▷