[SOLVED] image secure is disabled but flash still secured

This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

  • [SOLVED] image secure is disabled but flash still secured

    I'm using K64 chip. The bin file shows the flash is not secured. See attached (address 0x40C, FSEC register).
    Nevertheless, whenever flashing with Segger, I'm getting the following message:
    "Your application message would set the system securityand/or disable the mass erase functionality of the device.
    This is not supported in the current configuration.
    Application data has been changed accordingly."And I need to Unlock using J-Link commander.
    How can it be?
    Images
    • 1.png

      58.08 kB, 930×710, viewed 715 times
  • Hello,

    Thank you for your inquiry.

    The bin file shows the flash is not secured. See attached (address 0x40C, FSEC register).


    Quite the contrary. According to the manual the MCU is secured with 0x00. Quote: "00 MCU security status is secure"

    You will need to unlock the device with a mass erase.
    This can be done with command "unlock kinetis". More information can be found in the J-Link user manual.
    When handling securable devices with our software we generally suggest not to select the "allow security" devices. That way our software makes sure you don't accidentally lock you device.

    Best regards,
    Nino
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.
  • Thanks, Nino,
    I must say I'm totally confused.
    After the board security is disabled, I now cannot enable it again. I want to emphasize I do not want security (thus I do not want to use unlock), but I wanted to debug the error I explained above so I made 2 bin files. One with FE at FSEC register (0x40C) and one with FF. Both changes are made in the Flash Configuration Field in the Startup file (K64).
    When I load the FF bin file. I see it in the Segger flasher as follows:



    [img]https://community.nxp.com/servlet/JiveServlet/showImage/2-978164-208641/before_40c_FF.png[/img]

    It means the MCU is secured, right?
    Ok, now I flash this file, and it changes immediately after flashing to FE:

    [img]https://community.nxp.com/servlet/JiveServlet/showImage/2-978164-208659/after_40c_FE.png[/img]

    How come?
    I wanted it to be FF.
    I don't understand. If the register at CFC (address 0x40C) was set to FF, how come Segger changed it to FE?
  • Hello,

    You are using a relatively outdated version of J-Flash.
    Could you update it to the latest version and see if the behaviour improves for your case?

    It means the MCU is secured, right?

    Yes with 0xFF at that spot the flash security is enabled.
    J-Flash will change it because when selecting the target device at J-Flash project setup you selected the not (allow security) device (screenshot attached).
    If you select the (allow security) device you can activate the flash security and J-Flash will not change the value to 0xFE anymore.
    Keep in mind that with the (allow security) device setting J-Link will program any value you give him into flash without additional checks. So if you lock your device definitely J-Link won't be able to recover it.
    So be very careful and sure about what you are programming with the (allow security) activated.
    If you activate flash security memory access over the debug port is not possible. See Kinetis user manual section Security for more information.
    So if you want to program the device a second time J-Link will offer you a mass erase of the flash.

    Best regards,
    Nino
    Images
    • Capture.PNG

      37.03 kB, 758×501, viewed 418 times
    Please read the forum rules before posting.

    Keep in mind, this is *not* a support forum.
    Our engineers will try to answer your questions between their projects if possible but this can be delayed by longer periods of time.
    Should you be entitled to support you can contact us via our support system: segger.com/ticket/

    Or you can contact us via e-mail.