[SOLVED] Bricked Eval Board after "erase" (NXP Kinetis MK20)

This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

  • [SOLVED] Bricked Eval Board after "erase" (NXP Kinetis MK20)

    Hello,

    in my naive brain state i executed a "erase" on an Kinetis MK20 Chip (MK20DN512XXX10), i have learned now that i write and read protected it apperantly.
    Now J-Link Commander tries to unprotect it everytime i connect and fails, is there a way to reset it?

    Source Code

    1. J-Link>connect
    2. Device "MK20DN512XXX10" selected.
    3. Connecting to target via SWD
    4. InitTarget()
    5. Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
    6. For debugger connection the device needs to be unsecured.
    7. Note: Unsecuring will trigger a mass erase of the internal flash.
    8. Executing default behavior previously saved in the registry.
    9. Device will be unsecured now.
    10. Timeout while halting CPU.
    11. Found SW-DP with ID 0x2BA01477
    12. AP map detection skipped. User manually configured AP map.
    13. AP[0]: AHB-AP (IDR: Not set)
    14. AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
    15. InitTarget()
    16. Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
    17. For debugger connection the device needs to be unsecured.
    18. Note: Unsecuring will trigger a mass erase of the internal flash.
    19. Executing default behavior previously saved in the registry.
    20. Device will be unsecured now.
    21. Timeout while halting CPU.
    22. Found SW-DP with ID 0x2BA01477
    23. AP map detection skipped. User manually configured AP map.
    24. AP[0]: AHB-AP (IDR: Not set)
    25. AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
    26. ****** Error: Could not find core in Coresight setup
    27. InitTarget()
    28. Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
    29. For debugger connection the device needs to be unsecured.
    30. Note: Unsecuring will trigger a mass erase of the internal flash.
    31. Executing default behavior previously saved in the registry.
    32. Device will be unsecured now.
    33. Timeout while halting CPU.
    34. Found SW-DP with ID 0x2BA01477
    35. AP map detection skipped. User manually configured AP map.
    36. AP[0]: AHB-AP (IDR: Not set)
    37. AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
    38. InitTarget()
    39. Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
    40. For debugger connection the device needs to be unsecured.
    41. Note: Unsecuring will trigger a mass erase of the internal flash.
    42. Executing default behavior previously saved in the registry.
    43. Device will be unsecured now.
    44. Timeout while halting CPU.
    45. Found SW-DP with ID 0x2BA01477
    46. AP map detection skipped. User manually configured AP map.
    47. AP[0]: AHB-AP (IDR: Not set)
    48. AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
    49. Cannot connect to target.
    Display All
  • Hello Jan,

    Thank you for your inquiry.
    You can try and use the command "unlock kinetis". More information about that can be found in the J-Link user manual.
    Does that solve the issue for you?

    Best regards,
    Nino
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.
  • Hello Jan,

    did you by any chance program the device with the (allow security) device?
    If so it is possible that the device is locked unrecoverable.
    Are you using some kind of scriptfile? Because the log says: "AP map detection skipped. User manually configured AP map."

    Could you provide the file with which you locked the device in the first place?

    Best regards,
    Nino
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.
  • If i have a script file it must be part of the j-link software v6.2. I did not add any file to it.

    I might have used the "security enabled" device, i know that i had i selected by accident yesterday.
    Any way to test for that?

    But that "AP map detection skipped. User manually configured AP map." made me think,too.

    Maybe its part of problem in the other thread, too. Its the same processor but a diffrent board.
  • Hi Jan,

    I might have used the "security enabled" device, i know that i had i selected by accident yesterday.
    Any way to test for that?

    Can you read back the device with J-Flash under Target->Manual Programing->Read back->Range.. and the e.g. Range 0x0 - 0x1000

    Does that work?
    If so could you tell me the content of address 0x400-0x410?
    Should the read not work then read protection is set and if unlock kinetis does not work then mass erase (only recover option left) is disabled as well and the device is not recoverable.

    What exact steps did you do to lock the device? Which application did you program?
    What was your setup?

    Best regards,
    Nino
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.
  • As you can see from the Log the J-Link Commander can't read that area and determines that its protected then tries to unlock and it stays protected.

    So yes i guess its gone.

    For others that come here via google:

    Steps taken: "Connect (with security enabled)" -> "erase" -> "reset"

    Do not "reset" after "erase" instead reprogram imidiatly! Or its gone for good.
  • Hi Jan,

    I am sorry to hear that your device is locked permanently.
    Unfortunately NXP chose this awkward place in flash to embed such a crucial feature so we have quite a number of people that run into this issue.
    That is why we implemented two devices, one with the "allow security" and the other without.
    So the user has the choice if he wants to possibly lock it or not.

    I will close this thread now as the initial question has been answered.

    Best regards,
    Nino
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.