mc9s12e256 Freescale Semiconductor, Inc, mc9s12e256 Datasheet - Page 116

mc9s12e256

Manufacturer Part Number

mc9s12e256

Description

Hcs12 Microcontrollers 16-bit Microcontroller

Manufacturer

Freescale Semiconductor, Inc

Datasheet

1.MC9S12E256.pdf (602 pages)

Available stocks

Company

Part Number

Manufacturer

Quantity

Price

Company:

BOSTOCK HK LIMITED

Part Number:

mc9s12e256CFUE

Manufacturer:

Freescale Semiconductor

Quantity:

10 000

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

mc9s12e256CPVE

Manufacturer:

Freescale Semiconductor

Quantity:

135

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

mc9s12e256CPVE

Manufacturer:

FREESCA

Quantity:

300

Company:

BOSTOCK HK LIMITED

Part Number:

mc9s12e256CPVE

Manufacturer:

Freescale Semiconductor

Quantity:

10 000

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

mc9s12e256MFUE

Manufacturer:

FREESCAL

Quantity:

329

Company:

BOSTOCK HK LIMITED

Part Number:

mc9s12e256MFUE

Manufacturer:

Freescale Semiconductor

Quantity:

10 000

Company:

BOSTOCK HK LIMITED

Part Number:

mc9s12e256MPVE

Manufacturer:

Freescale Semiconductor

Quantity:

10 000

Company:

BOSTOCK HK LIMITED

Part Number:

mc9s12e256VFUE

Manufacturer:

Freescale Semiconductor

Quantity:

10 000

Current page: 116 of 602
Download datasheet (4Mb)

Chapter 2 256 Kbyte Flash Module (FTS256K2V1)

2.6.1

The MCU may be unsecured by using the backdoor key access feature which requires knowledge of the

contents of the backdoor keys (four 16-bit words programmed at addresses 0xFF00–0xFF07). If the

KEYEN[1:0] bits are in the enabled state (see

KEYACC bit is set, a write to a backdoor key address in the Flash memory triggers a comparison between

the written data and the backdoor key data stored in the Flash memory. If all four words of data are written

to the correct addresses in the correct order and the data matches the backdoor keys stored in the Flash

memory, the MCU will be unsecured. The data must be written to the backdoor keys sequentially starting

with 0xFF00–0xFF01 and ending with 0xFF06–0xFF07. 0x0000 and 0xFFFF are not permitted as

backdoor keys. While the KEYACC bit is set, reads of the Flash memory will return invalid data.

The user code stored in the Flash memory must have a method of receiving the backdoor key from an

external stimulus. This external stimulus would typically be through one of the on-chip serial ports.

If the KEYEN[1:0] bits are in the enabled state (see

the MCU can be unsecured by the backdoor access sequence described below:

The backdoor key access sequence is monitored by an internal security state machine. An illegal operation

during the backdoor key access sequence will cause the security state machine to lock, leaving the MCU

in the secured state. A reset of the MCU will cause the security state machine to exit the lock state and

allow a new backdoor key access sequence to be attempted. The following operations during the backdoor

key access sequence will lock the security state machine:

After the backdoor keys have been correctly matched, the MCU will be unsecured. After the MCU is

unsecured, the Flash security byte can be programmed to the unsecure state, if desired.

In the unsecure state, the user has full control of the contents of the backdoor keys by programming

addresses 0xFF00–0xFF07 in the Flash configuration field.

The security as defined in the Flash security byte (0xFF0F) is not changed by using the backdoor key

access sequence to unsecure. The backdoor keys stored in addresses 0xFF00–0xFF07 are unaffected by

the backdoor key access sequence. After the next reset of the MCU, the security state of the Flash module

116

1. Set the KEYACC bit in the Flash configuration register (FCNFG).

2. Write the correct four 16-bit words to Flash addresses 0xFF00–0xFF07 sequentially starting with

3. Clear the KEYACC bit.

4. If all four 16-bit words match the backdoor keys stored in Flash addresses 0xFF00–0xFF07, the

1. If any of the four 16-bit words does not match the backdoor keys programmed in the Flash array.

2. If the four 16-bit words are written in the wrong sequence.

3. If more than four 16-bit words are written.

4. If any of the four 16-bit words written are 0x0000 or 0xFFFF.

5. If the KEYACC bit does not remain set while the four 16-bit words are written.

6. If any two of the four 16-bit words are written on successive MCU clock cycles.

0xFF00.

MCU is unsecured and the SEC[1:0] bits in the FSEC register are forced to the unsecure state of

1:0.

Unsecuring the MCU using Backdoor Key Access

MC9S12E256 Data Sheet, Rev. 1.08

Section 2.3.2.2, “Flash Security Register

Freescale Semiconductor

(FSEC)”) and the

(FSEC)”),

mc9s12e256 Freescale Semiconductor, Inc, mc9s12e256 Datasheet - Page 116

mc9s12e256

Available stocks

Related parts for mc9s12e256