27.4.11.2 Changing the Security StateThe security state out of reset can be permanently changed by programming the securitybyte of the flash configuration field. This assumes that you are starting from a modewhere the necessary program flash erase and program commands are available and thatthe region of the program flash containing the flash configuration field is unprotected. Ifthe flash security byte is successfully programmed, its new value takes affect after thenext chip reset.27.4.11.2.1 Unsecuring the Chip Using Backdoor Key AccessThe chip can be unsecured by using the backdoor key access feature, which requiresknowledge of the contents of the 8-byte backdoor key value stored in the FlashConfiguration Field (see Flash Configuration Field Description). If the FSEC[KEYEN]bits are in the enabled state, the Verify Backdoor Access Key command (see VerifyBackdoor Access Key Command) can be run; it allows the user to present prospectivekeys for comparison to the stored keys. If the keys match, the FSEC[SEC] bits arechanged to unsecure the chip. The entire 8-byte key cannot be all 0s or all 1s; that is,0000_0000_0000_0000h and FFFF_FFFF_FFFF_FFFFh are not accepted by the VerifyBackdoor Access Key command as valid comparison values. While the Verify BackdoorAccess Key command is active, program flash memory is not available for read accessand returns invalid data.The user code stored in the program flash memory must have a method of receiving thebackdoor keys from an external stimulus. This external stimulus would typically bethrough one of the on-chip serial ports.If the KEYEN bits are in the enabled state, the chip can be unsecured by the followingbackdoor key access sequence:1. Follow the command sequence for the Verify Backdoor Access Key command asexplained in Verify Backdoor Access Key Command2. If the Verify Backdoor Access Key command is successful, the chip is unsecured andthe FSEC[SEC] bits are forced to the unsecure stateAn illegal key provided to the Verify Backdoor Access Key command prohibits furtheruse of the Verify Backdoor Access Key command. A reset of the chip is the only methodto re-enable the Verify Backdoor Access Key command when a comparison fails.After the backdoor keys have been correctly matched, the chip is unsecured by changingthe FSEC[SEC] bits. A successful execution of the Verify Backdoor Access Keycommand changes the security in the FSEC register only. It does not alter the securitybyte or the keys stored in the Flash Configuration Field (Flash Configuration FieldDescription). After the next reset of the chip, the security state of the flash memoryChapter 27 Flash Memory Module (FTFA)KL04 Sub-Family Reference Manual, Rev. 3.1, November 2012Freescale Semiconductor, Inc. 415
