English
Language : 

MC9S08GB60A Datasheet, PDF (56/302 Pages) Freescale Semiconductor, Inc – HCS08 Microcontrollers
Chapter 4 Memory
4.4.7 Vector Redirection
Whenever any block protection is enabled, the reset and interrupt vectors will be protected. Vector
redirection allows users to modify interrupt vector information without unprotecting bootloader and reset
vector space. Vector redirection is enabled by programming the FNORED bit in the NVOPT register
located at address 0xFFBF to zero. For redirection to occur, at least some portion but not all of the flash
memory must be block protected by programming the NVPROT register located at address 0xFFBD. All
of the interrupt vectors (memory locations 0xFFC0–0xFFFD) are redirected, while the reset vector
(0xFFFE:FFFF) is not. When more than 32K is protected, vector redirection must not be enabled.
For example, if 512 bytes of flash are protected, the protected address region is from 0xFE00 through
0xFFFF. The interrupt vectors (0xFFC0–0xFFFD) are redirected to the locations 0xFDC0–0xFDFD. Now,
if an SPI interrupt is taken for instance, the values in the locations 0xFDE0:FDE1 are used for the vector
instead of the values in the locations 0xFFE0:FFE1. This allows the user to reprogram the unprotected
portion of the flash with new program code including new interrupt vector values while leaving the
protected area, which includes the default vector locations, unchanged.
4.5 Security
The MC9S08GBxxA/GTxxA includes circuitry to prevent unauthorized access to the contents of flash and
RAM memory. When security is engaged, flash and RAM are considered secure resources. Direct-page
registers, high-page registers, and the background debug controller are considered unsecured resources.
Programs executing within secure memory have normal access to any MCU memory locations and
resources. Attempts to access a secure memory location with a program executing from an unsecured
memory space or through the background debug interface are blocked (writes are ignored and reads return
all 0s).
Security is engaged or disengaged based on the state of two nonvolatile register bits (SEC01:SEC00) in
the FOPT register. During reset, the contents of the nonvolatile location NVOPT are copied from flash into
the working FOPT register in high-page register space. A user engages security by programming the
NVOPT location which can be done at the same time the flash memory is programmed. The 1:0 state
disengages security while the other three combinations engage security. Notice the erased state (1:1) makes
the MCU secure. During development, whenever the flash is erased, it is good practice to immediately
program the SEC00 bit to 0 in NVOPT so SEC01:SEC00 = 1:0. This would allow the MCU to remain
unsecured after a subsequent reset.
The on-chip debug module cannot be enabled while the MCU is secure. The separate background debug
controller can still be used for background memory access commands, but the MCU cannot enter active
background mode except by holding BKGD/MS low at the rising edge of reset.
A user can choose to allow or disallow a security unlocking mechanism through an 8-byte backdoor
security key. If the nonvolatile KEYEN bit in NVOPT/FOPT is 0, the backdoor key is disabled and there
is no way to disengage security without completely erasing all flash locations. If KEYEN is 1, a secure
user program can temporarily disengage security by:
1. Writing 1 to KEYACC in the FCNFG register. This makes the flash module interpret writes to the
backdoor comparison key locations (NVBACKKEY through NVBACKKEY+7) as values to be
compared against the key rather than as the first step in a flash program or erase command.
MC9S08GB60A Data Sheet, Rev. 2
56
Freescale Semiconductor