Monday, December 11th 2017, 1:04am UTC+1

You are not logged in.

  • Login
  • Register

JanWH

Beginner

Date of registration: Nov 15th 2017

Posts: 10

1

Wednesday, November 15th 2017, 1:53pm

[SOLVED] Bricked Eval Board after "erase" (NXP Kinetis MK20)

Hello,

in my naive brain state i executed a "erase" on an Kinetis MK20 Chip (MK20DN512XXX10), i have learned now that i write and read protected it apperantly.
Now J-Link Commander tries to unprotect it everytime i connect and fails, is there a way to reset it?

Source code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
J-Link>connect
Device "MK20DN512XXX10" selected.


Connecting to target via SWD
InitTarget()
Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
For debugger connection the device needs to be unsecured.
Note: Unsecuring will trigger a mass erase of the internal flash.
Executing default behavior previously saved in the registry.
Device will be unsecured now.
Timeout while halting CPU.
Found SW-DP with ID 0x2BA01477
AP map detection skipped. User manually configured AP map.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
InitTarget()
Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
For debugger connection the device needs to be unsecured.
Note: Unsecuring will trigger a mass erase of the internal flash.
Executing default behavior previously saved in the registry.
Device will be unsecured now.
Timeout while halting CPU.
Found SW-DP with ID 0x2BA01477
AP map detection skipped. User manually configured AP map.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00

****** Error: Could not find core in Coresight setup
InitTarget()
Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
For debugger connection the device needs to be unsecured.
Note: Unsecuring will trigger a mass erase of the internal flash.
Executing default behavior previously saved in the registry.
Device will be unsecured now.
Timeout while halting CPU.
Found SW-DP with ID 0x2BA01477
AP map detection skipped. User manually configured AP map.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
InitTarget()
Protection bytes in flash at addr. 0x400 - 0x40F indicate that readout protection is set.
For debugger connection the device needs to be unsecured.
Note: Unsecuring will trigger a mass erase of the internal flash.
Executing default behavior previously saved in the registry.
Device will be unsecured now.
Timeout while halting CPU.
Found SW-DP with ID 0x2BA01477
AP map detection skipped. User manually configured AP map.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Skipped. Invalid implementer code read from CPUIDVal[31:24] = 0x00
Cannot connect to target.

SEGGER - Nino

Super Moderator

Date of registration: Jan 2nd 2017

Posts: 430

2

Wednesday, November 15th 2017, 2:06pm

Hello Jan,

Thank you for your inquiry.
You can try and use the command "unlock kinetis". More information about that can be found in the J-Link user manual.
Does that solve the issue for you?

Best regards,
Nino

JanWH

Beginner

Date of registration: Nov 15th 2017

Posts: 10

3

Wednesday, November 15th 2017, 2:11pm

Thx for the fast replay,

i tried that but after the "unlock kinetis" command i get an ok but the error persists.
As you can see from the log i cant even get the initial AP list.

SEGGER - Nino

Super Moderator

Date of registration: Jan 2nd 2017

Posts: 430

4

Wednesday, November 15th 2017, 2:26pm

Hello Jan,

did you by any chance program the device with the (allow security) device?
If so it is possible that the device is locked unrecoverable.
Are you using some kind of scriptfile? Because the log says: "AP map detection skipped. User manually configured AP map."

Could you provide the file with which you locked the device in the first place?

Best regards,
Nino

JanWH

Beginner

Date of registration: Nov 15th 2017

Posts: 10

5

Wednesday, November 15th 2017, 2:35pm

If i have a script file it must be part of the j-link software v6.2. I did not add any file to it.

I might have used the "security enabled" device, i know that i had i selected by accident yesterday.
Any way to test for that?

But that "AP map detection skipped. User manually configured AP map." made me think,too.

Maybe its part of problem in the other thread, too. Its the same processor but a diffrent board.

SEGGER - Nino

Super Moderator

Date of registration: Jan 2nd 2017

Posts: 430

6

Wednesday, November 15th 2017, 4:15pm

Hi Jan,

Quoted

I might have used the "security enabled" device, i know that i had i selected by accident yesterday.
Any way to test for that?

Can you read back the device with J-Flash under Target->Manual Programing->Read back->Range.. and the e.g. Range 0x0 - 0x1000

Does that work?
If so could you tell me the content of address 0x400-0x410?
Should the read not work then read protection is set and if unlock kinetis does not work then mass erase (only recover option left) is disabled as well and the device is not recoverable.

What exact steps did you do to lock the device? Which application did you program?
What was your setup?

Best regards,
Nino

JanWH

Beginner

Date of registration: Nov 15th 2017

Posts: 10

7

Wednesday, November 15th 2017, 5:05pm

As you can see from the Log the J-Link Commander can't read that area and determines that its protected then tries to unlock and it stays protected.

So yes i guess its gone.

For others that come here via google:

Steps taken: "Connect (with security enabled)" -> "erase" -> "reset"

Do not "reset" after "erase" instead reprogram imidiatly! Or its gone for good.

SEGGER - Nino

Super Moderator

Date of registration: Jan 2nd 2017

Posts: 430

8

Wednesday, November 15th 2017, 5:19pm

Hi Jan,

I am sorry to hear that your device is locked permanently.
Unfortunately NXP chose this awkward place in flash to embed such a crucial feature so we have quite a number of people that run into this issue.
That is why we implemented two devices, one with the "allow security" and the other without.
So the user has the choice if he wants to possibly lock it or not.

I will close this thread now as the initial question has been answered.

Best regards,
Nino