1 Freescale Semiconductor Document Number:AN4507 Application Note Rev. 1, 6/2012 Using the Kinetis Security and Flash Protection Features by: Melissa Hunter Automotive and Industrial Solutions Group 1 Introduction The Kinetis family of microcontrollers include system security and flash protection features that can be used to protect code and data from unauthorized access or modification. This application note discusses usage of the security and flash protection features available on the Kinetis family processors. The chip security and flash protection features controlled using the flash configuration field will be covered in this application note. The default security options are configured at reset based on the application image. All flash application images need to include configuration of the security and protection options. Configuration is required in all cases. Even if the required setting is to have the flash and security options disabled, the application image must configure the setting for those desired values. Therefore, anyone writing an application must be aware of the security and protection options and how to correctly configure them. Contents 1 Introduction Security vs. protection Security options Flash protection Flash protection regions Configuring flash protection settings Changing flash protection settings Tamper detection and cryptography Security vs. protection The Kinetis security features are system-level options that are designed to prevent unauthorized access to the processor and the code and data within the processor. Software intellectual 2012 Freescale Semiconductor, Inc.
2 Security vs. protection property (IP) is a very valuable investment and the security features protect that investment, prevent cloning, and secure sensitive data that might be stored in the memory. Security feature: Although the security on Kinetis is controlled by the settings that reside within the flash, it is not a flash-level feature. The flash provides the security options to the chip system logic, and the chip system logic takes action based on the settings. So, even though the user interacts with the flash to use the security settings, it must be considered as a processor mode selection because the decisions made by the user will affect the entire processor. In fact, the option to enable or disable security has very little impact on the flash itself. Even when the security is enabled, the flash is still fully operational. This means that firmware residing in the flash that enables security can still modify the flash because read, erase, and program operations to the flash itself are not changed (with the possible exception of mass erase). Flash protection feature: By comparison, the flash protection features only affect the flash itself. The flash protection is designed to prevent accidental erasure or programming of areas of the flash. This option only affects the ability to modify selected flash regions; there is no effect on the rest of the processor. 2.1 Security options The following sections will show the security options that are available on Kinetis. Initially, look at the actual register and field descriptions from the Kinetis reference manual available on then go into more detail on how each option works and how to configure them FSEC register and field settings The Flash Security (FSEC) register contains several fields that are used to enable/disable security and also select a few features that come into effect when security is enabled. Figure 1 shows the FSEC register fields, and Table 1 shows the bit settings for each of the fields. The following sections discuss all of the options available in the FSEC register in more detail including impact on the system and recommended usage. Figure 1. Flash Security register Table 1. FSEC field description Field 7 6 KEYEN Backdoor Key Security Enable. Description This field enables and disables backdoor key access to the flash memory module. 00 Backdoor key access is disabled. 01 Backdoor key access is disabled (preferred KEYEN state to disable backdoor key access) 10 Backdoor key access is enabled. 11 Backdoor key access is disabled. Table continues on the next page... 2 Freescale Semiconductor, Inc.
3 Table 1. FSEC field description (continued) Security vs. protection Field 5 4 Mass Erase Enable Description MEEN 3 2 FSLACC 1 0 SEC This field enables and disables the JTAG and EzPort mass erase capability of the flash memory module. The state of the MEEN field is relevant only when SEC is set to secure. When the SEC field is set to unsecure, the MEEN setting does not matter. 00 Mass erase is enabled. 01 Mass erase is enabled. 10 Massel erase is disabled. 11 Mass erase is enabled. Freescale Failure Analysis Code. This field enables or disables access to the flash memory contents during returned part failure analysis at Freescale. When SEC is secure and FSLACC is denied, access to the flash contents by Freescale is denied and any failure analysis performed by Freescale factory test must begin with a full erase to unsecure the part (assuming mass erase is enabled). When access is granted (SEC is unsecure, or SEC is secure and FSLACC is granted), Freescale factory testing has visibility of the current flash contents. The state of FSLACC is relevant only when SEC is set to secure. When SEC is set to unsecure, the FSLACC setting does not matter. 00 Freescale factory access is granted. 01 Freescale factory access is denied. 10 Freescale factory access is denied. 11 Freescale factory access is granted. Flash Security This field defines the security state of the MCU. In the secure state, the MCU limits access to flash memory module resources. If the flash memory module is unsecured using backdoor key access, the SEC field is forced to 10b. 00 MCU security status is secure. 01 MCU security status is secure. 10 MCU security status is unsecure, that is, the standard shipping condition of the MCU is unsecure. 11 MCU security status is secure Security enable/disable While setting FSEC[SEC], the user must first decide whether to enable the security or not. The following sections discuss the effects of enabling or disabling security. Freescale Semiconductor, Inc. 3
4 Security vs. protection How enabling security affects JTAG In order to protect the information inside the processor, debug access to the internals of the processor are disabled when security is on. JTAG scan chain operation is possible even when security is enabled. Registers that reside within the JTAG and debug logic can be accessed, but no other registers or memory inside the processor can be accessed via the debug port. One of the debug registers that can be read even when security is enabled is the MDM-AP status register. This register resides within the debug logic and can be used to verify the current security settings. This could be useful to solve problems in establishing a debug connection to the processor. If this happens then the MDM-AP value can be used to determine if security is enabled and preventing the debug connection. If mass erase is still enabled through FESC[MEEN], then the JTAG port can also be used to request a mass erase. After the mass erase completes, security is disabled. This means that mass erase can be used to regain debugger connectivity with a part, but all the code/data that was in the flash is lost in the process How enabling security affects the EzPort When security is enabled, the processor can still boot into EzPort mode as long as EzPort mode entry is enabled. The EzPort communications will still be active and can be used to send commands, but many of the commands will not be accepted. Most importantly the only resource that can be read with the security enabled is the EzPort Status register. Similar to the MDM-AP Status register, the EzPort Status register can be read to determine if flash security is enabled. The EzPort can also be used to execute a mass erase of the flash to unsecure the processor (if the MEEN field allows) How enabling security affects the FlexBus When security is enabled, the FlexBus operation is programmable. SIM_SOPT2[FBSL] is used to control what accesses are allowed on the external bus when security is enabled. By default, all the external accesses to the FlexBus are blocked when security is enabled. There are options to allow only data access, or to allow both the data and opcode access. If both data and opcode accesses are allowed, then the FlexBus controller would behave in the same way when security is enabled or disabled. SIM_SOPT2[FBSL] has an effect only when security is enabled. If security is disabled, then SIM_SOPT2[FBSL] has no effect How enabling security affects the flash Although the security state of the processor is delivered to the rest of the system on-chip (SoC) by the flash block, the flash operation is largely unaffected by the security state. Resident firmware already stored in the memory can run the same set of flash commands in either security state. Through firmware, the user can read, erase, and program the flash in the same way, even if the device is secured. Because the EzPort and JTAG access are restricted, the flash is not accessible to the outside world, but from within the part, the flash can be used normally. When using a communications port for field firmware upgrades, security can be enabled and the firmware upgrade code will still execute normally What happens when security is disabled If the security is disabled, then all other options in this register are ignored. By default, the processor is actually secure, but during the reset process after the processor gets the security option from the flash, it will disable security if selected, and will open up access for debugging, EzPort, and FlexBus. 4 Freescale Semiconductor, Inc.
5 Backdoor key enable Security vs. protection The second option in the FSEC register is a backdoor key enable option controlled by FSEC[KEYEN]. When enabled, the backdoor key option allows for a means of temporarily disabling flash security if the correct 64-bit key value is provided when executing a flash verify backdoor access key command Important things to keep in mind for using the backdoor key feature The backdoor key unlock feature can be extremely useful when using security; however, using the feature requires some preconfiguration. Here are a few important tips to keep in mind while using a backdoor key: Configure the 64-bit comparison key value for the application at the same time when security and the backdoor key feature are enabled. The key value cannot be configured on a secured device after it is already running without reprogramming sections of the flash using firmware and resetting the device. All 0s or all 1s cannot be used as the key value. The key value selected must be some combination with at least one 1 and one 0. If the user attempts to use a key value all 0s or all 1s, then the Verify Backdoor Access Key command will return an error. There is no preconfigured mechanism for obtaining a key value and running the Verify Backdoor Access Key command in the processor. The application needs to include a code sequence to allow a user to input a key value and then run the Verify Backdoor key command using the entered value. If the Verify Backdoor Access Key command detects a mismatch between the preprogrammed comparison key and the provided key, then a power-on reset is required before the Verify Backdoor Access Key command can be executed again. If the Verify Backdoor Access Key command correctly matches the comparison key and the provided key, then flash security is disabled temporarily. Once the processor is reset, it will return to the secured state unless action is taken to change the default security setting Using a backdoor key to unlock security The steps below describe a typical sequence to use a backdoor key to temporarily disable security. 1. Program the flash on the processor with an application that enables security, and the backdoor key access feature, and sets a valid backdoor access comparison key value. See How to configure security options for information on how to configure these options. The application must also contain code to perform the additional steps described in this procedure. 2. The end-users must perform some action to indicate that they want to enter a key value to temporarily disable security. This could be through some form of serial command or hardware interaction. For example, the user can setup the application with a backdoor command that would be entered through a serial terminal command line interface, or can even have a push button on the board to generate an interrupt that causes the software to branch to a special backdoor key sequence. 3. After the firmware has detected that the user wants to temporarily unsecure the device, it must provide a prompt to the user to enter the 64-bit key value. Typically, this would be done using one of the communications ports on the processor like the UART, SPI, or Ethernet. 4. Wait for the user to enter the 64-bit key. 5. After the 64-bit user key has been obtained, load the flash FCCOBn registers with the command value and operands for the Verify Backdoor Access Key command, as shown in the table below. FCCOB numbers Table 2. Verify Backdoor Access Key command FCCOB contents 0 0x45 (VFYKEY) 1 3 Not used 4 User Key Byte 0 5 User Key Byte 1 Table continues on the next page... Freescale Semiconductor, Inc. 5
6 Security vs. protection Table 2. Verify Backdoor Access Key command (continued) FCCOB numbers FCCOB contents 6 User Key Byte 2 7 User Key Byte 3 8 User Key Byte 4 9 User Key Byte 5 A User Key Byte 6 B User Key Byte 7 Pay careful attention to the byte order and FCCOB register locations. The flash was originally designed for big-endian architectures, but Kinetis is little-endian. In order to prevent byte swap problems, it is usually best to handle the preconfigured key and user key as two 32-bit values and always read and write them as 32-bits. The FCCOB registers are 8-bit registers; however four can be written at a time using a 32-bit access. 6. Clear the FCSR[CCIF] field in flash to start execution of the Verify Backdoor Access Key command. 7. If the user key successfully matches the comparison backdoor key, then the security will be temporarily disabled. Because most of this sequence would be handled by the application, there are other options. For example, during debugging, a push button can be setup on a board as an unlock button. Software could detect the button press and then execute the Verify Backdoor Access Key command, without actually requiring the user to input the key by some means. This approach is not very secure, and is therefore not recommended. However, the decision of how to correctly handle backdoor keys, or whether to use them at all, is up to the user Mass erase disable The third security setting (FSEC[MEEN]) gives the option to completely disable mass erase functionality for the flash. Disabling the mass erase feature can provide an additional level of security for a system. This would prevent someone from using JTAG or EzPort mass erase commands to override security and load a new application. However, this means that the mass erase capability will also be lost. If the user disables mass erase with no other means to unsecure the device (no backdoor key and no firmware means of changing the default security options), then that device will be permanently secured. Even when mass erase is disabled, the flash Erase All Blocks command can be used to mass erase the device. This is a flash command that requires firmware in the device to execute the command. 6 Freescale Semiconductor, Inc.
7 Freescale access disable FSEC[FSLACC] determines if Freescale can access the device when the part is secured. This field is primarily a concern if there is a suspected quality issue and parts are returned to Freescale for retest and failure analysis. The following table presents the conditions for Freescale access. Table 3. Conditions for Freescale access Security vs. protection The device is secured with Freescale access disabled and mass erase enabled The device is secured with both Freescale access and mass erase disabled If Then Freescale would start the failure analysis process by mass erasing the device to unsecure it. Freescale will have very limited ability to perform failure analysis on the device. For this reason, it is recommended that to leave mass erase enabled, if the user plans to disable Freescale access How to configure security options As mentioned in Introduction, the application image itself determines the default security options. This is done by programming a specific location within the flash memory array known as the flash configuration field. During the reset sequence, the flash logic reads the values that are programmed into the flash configuration field locations (0x400 0x40F) and uses them to obtain default values for several flash registers and also passes some of the setting information on to the SoC. Because the application image is responsible for setting the default security options, all the flash images must contain valid flash configuration data. Failure to correctly configure the flash configuration field when programming the flash can lead to permanently securing the processor. Table 4 shows the addresses of all of the flash configuration fields and gives a brief description of how each location is used. For full descriptions of the flash configuration field and flash registers including bit definitions, please see the reference manual for a specific Kinetis device available on Flash configuration field address Table 4. Flash configuration field Size (Bytes) Field description Flash register initialized by field 0x400 0x407 8 Backdoor comparison key. See Backdoor key enable for details 0x408 0x40B 4 Default program flash protection settings 0x40F 1 Default data flash protection settings. This setting is used only for FlexNVM devices. For P-Flash only devices, this field is unused (write as 0xFF). 0x40E 1 Default EEPROM protection settings. This setting is used only for FlexNVM devices. For P-Flash only devices, this field is unused (write as 0xFF). Table continues on the next page... FPROT0 3 FDPROT FEPROT Freescale Semiconductor, Inc. 7
8 Security vs. protection Table 4. Flash configuration field (continued) Flash configuration field address Size (Bytes) Field description Flash register initialized by field 0x40D 1 Flash option byte. This field is used to configure SoC specific settings. The options can vary on different Kinetis devices. See the reference manual for the specific Kinetis device available at to see the settings that are available for that processor. 0x40C 1 Default flash security register setting. FOPT FSEC It is extremely important that all the flash images downloaded to the processor contain appropriate values for the flash configuration field. Freescale recommends adding the flash configuration field values at the very end of the vector table. The vector table is stored at 0x0 0x3FF, and then the flash configuration field is 0x400 0x40F. Application code and data can start at 0x410. Please refer to the vectors.c and vectors.h files in the Kinetis 120MHz bare metal sample code. zip file available at for a software example of how to do this How to disable security after it has been enabled There are several ways to disable security; however, keep in mind that the unsecure options are affected by the flash security options that have been programmed into the flash configuration field. So, depending on the current state of the FSEC register these options might not be available. Because the FSEC register is initialized from the flash configuration field, all methods of disabling flash security are temporary. Once security has been disabled, it remains disabled only until the next reset. The flash configuration field must be modified in order to make a change to security settings that will go into effect after the next reset and every subsequent reset after that, as long as the flash configuration field is not modified again Mass erase via Debugger/JTAG Debuggers and JTAG tools have very limited access to the device when a processor is secured. The only registers that can be accessed through the JTAG are the MDM-AP Status and Control registers. In order to allow debug tools to unsecure parts, bit 0 of the MDM-AP Control register can be set to request a mass erase of the processor. In order to use this method to disable security, FSEC[MEEN] must be set to a value other than 10 to allow mass erase capability. If the mass erase is disabled, FSEC[MEEN] = 10, then the mass erase request will be ignored by the flash and the device cannot be unsecured using this method. Many debuggers will automatically use bit 2 of the MDM-AP Status register to determine if a device is secured when attempting to establish a connection. A debugger pop-up window might be used to alert that the device is secured and ask if a mass erase is desired to unsecure the device. Once the mass erase is completed and verified, security will be disabled. Some debuggers might automatically program the flash configuration field to put the flash into an unsecured state after the mass erase completes, FSEC = 0xFE. 8 Freescale Semiconductor, Inc.
9 Security vs. protection Mass erase via EzPort The EzPort also has the ability to request a mass erase to unsecure a device using a bulk erase command (BE). As with the mass erase via debugger or JTAG, the FSEC register must be configured to enable mass erase functionality. After the mass erase is completed and verified, security will be disabled. At this point, the EzPort can be used to program the flash with a new image including the desired flash configuration field values Disable security using a backdoor key If backdoor key functionality is enabled and a valid backdoor key is configured in the flash configuration field, then the backdoor key entry sequence described in Using a backdoor key to unlock security can be used to temporarily disable security. Unlike the mass erase options for disabling security, the flash contents are completely unaffected, if this option is used. Because the flash is not modified, the flash configuration field is also unchanged, the security is only temporarily disabled unless the flash configuration is reprogrammed. Code and data stored in the flash can be read and written freely at this point Reprogramming flash security fields using firmware As stated in How enabling security affects the flash, firmware already programmed into the flash can be used to erase and program the flash. This includes the possibility of using firmware commands to erase and then reprogram the flash configuration field values. This method is a special case in that the direct reprogramming of the flash configuration field doesn t change the current value of the FSEC register. Therefore, if the flash configuration field is reprogrammed to a value that unsecures the part using this method, the change won t actually go into effect until the processor resets and loads the new value from the flash configuration field into the FSEC register. On most Kinetis devices, the flash configuration field is located in the first sector of the flash. So, in order to erase and reprogram the flash configuration field, the entire vector table including the initial stack pointer and PC values need to be erased. If power is lost or firmware does not update all of the values that were erased correctly, then a mass erase of the entire device will most likely be required Security and the flash swap feature Kinetis devices with two or more program flash (P-Flash) memory blocks have the P-Flash swap feature. The flash swap feature allows the system programmer to configure the logical memory map of the P-flash space such that either of the two physical P-flash blocks can exist at relative address 0x0000. Swapping the base address of the two P-flash blocks allows the system to either boot from P-flash block 0 or P-flash block 1, because either block can be located at the base address 0x0000. Swapping the flash blocks in order to boot an alternate application image, also requires having a valid flash configuration field in both the flash blocks. The flash registers will always be loaded from address 0x400 0x40F, so it is important that both the possible options for address 0x400 0x40F (the flash configuration field) must be configured with the desired options. Typically, use the same flash configuration field values for both the flash blocks; however, the user can program the two blocks with different flash configuration field settings and use the swap as a method of changing the security and/or protection settings. Freescale Semiconductor, Inc. 9
10 Flash protection 3 Flash protection The flash protection features are used to prevent accidental erase or program for regions of the flash. While the security options prevent unauthorized access of the microcontroller from external sources, the flash protection prevents writing of the flash. When a region of the flash is protected, no modifications of the contents are permitted. This includes all write accesses even those requested by firmware running inside the processor. There are a number of applications of the flash protection but a couple of common use cases are: Protecting all regions of flash that contain code to protect the application itself from being overwritten. Regions of flash that are used to store data would be left unprotected. Protecting the vector table and a bootloader application that resides within the flash, and leaving the rest of the flash unprotected. This will prevent accidental erasure of the bootloader, but other portions of the flash remain unprotected to allow the bootloader to perform firmware updates. 3.1 Flash protection regions The protection features are available for all of the flash regions P-Flash, D-Flash, and even EEPROM. The number and size of the flash protection regions vary depending on the type of flash and the size of that flash block P-Flash For P-Flash, there are always 32 protection regions controlled by the FPROT0 FPROT3 registers. The size of the protection regions will be: (Total P-Flash size) 32. Table 5 shows flash protection region sizes based on the total P-Flash size that are currently available in the Kinetis family. Table 5. Kinetis P-Flash protection region sizes Total P-Flash size P-Flash protection region size 1 MB KB KB KB 4 64 KB 2 32 KB D-Flash For devices that include FlexNVM, the D-Flash protection is controlled by the FDPROT register, where the D-Flash is the total size of the FlexNVM minus any flash that is being used to back-up enhanced EEPROM (EEE) data (E-Flash). Because the FlexNVM partition options for supporting the EEE functionality can result in some non-power of two flash sizes, there are some special cases to consider for determining the size of the flash protection regions. If the D-Flash size is a power of two, then there are eight protection regions of equal size. So the flash protection region size is given by: 10 Freescale Semiconductor, Inc.
11 (Total D-Flash size) 8 Flash protection For example, while using a device with 256 KB of FlexNVM, where half of the FlexNVM is used as D-Flash and the other half is used as EEE back-up (E-Flash), there would be eight protection regions each 16 KB in size (128/8 = 16). If the D-Flash size is not a power of two, then the protection region size is fixed and there will be less than 8 protection regions actually used. The fixed size of the protection region can vary depending on the specific Kinetis device being used. See the specific Kinetis reference manual at to get the correct value to use for the processor. For example, when using a 100 MHz Kinetis device with 256 KB of FlexNVM where 192 KB are used as D-Flash (64 KB used as EEE back-up), the data flash protection regions would be 32 KB in size. In this case, only 6 protection regions would be used instead of 8 (32 x 6 = 192), so FDPROT[7:6] must always be set to 1, but only FDPROT[5:0] have an effect E-Flash For devices where FlexNVM is available and the EEE feature is being used, there are always 8 protection regions for the EEE data controlled by the FEPROT register. The size of the protection regions will be equal to the total EEPROM size divided by Configuring flash protection settings Like the security options, the default values for all of the flash protection registers, FPROT0 FPROT3, FDPROT, and FEPROT, are determined by the application image based on the values programmed into the flash configuration field. During the reset sequence, the flash protection registers will be loaded with values from the flash configuration field. See Table 4 for the description of which flash configuration field addresses correspond to the flash protection registers. 3.3 Changing flash protection settings The sections below describe the methods that can be used to change the flash protection settings Mass erase Both the Debug and EzPort mass erase commands ignore flash protection settings, so mass erase can be used as long as the FSEC setting has mass erase enabled, to return the chip to the default state where none of the flash is protected. The flash Erase All Block command checks the flash protection settings. The command will not execute if any of the flash regions are protected. So, in order to use mass erase to clear the protection settings, the JTAG/debugger or EzPort method must be used Reprogramming the flash configuration field As long as the region of the P-flash containing the flash configuration field is not protected, the field can be reprogrammed either using firmware or a debugger (the debugger option is available only if the device is not secured). This method changes the default setting for the flash protection bits. So, the values of the flash protection bits can be changed without restriction, that is, the status can switch from protected to unprotected. Because the change is to the default state of the protection registers and not to the registers themselves, any changes made won t go into effect until the next reset. Freescale Semiconductor, Inc. 11
12 Tamper detection and cryptography On most Kinetis devices, the flash configuration field is located in the first sector of the flash. So in order to erase and reprogram the flash configuration field, the entire vector table including the initial stack pointer and PC values need to be erased. Keep in mind that the region of flash containing the flash configuration field can be protected. If the flash configuration field is protected, the user will not be able to erase and then reprogram the flash configuration field to change the protection settings. For this reason, it is recommended to leave mass erase enabled while using flash protection and enabling security Writing to protection registers Unlike the FSEC register, direct writes to the flash protection registers are allowed; however, they can only be used to increase protection. It is not allowed to write to the flash protection registers to unprotect a region. The flash actually allows for this in NVM special mode, but the SoC doesn't use NVM special mode except for when the part is in EzPort mode. Also, these changes last only until the next reset. If the chip goes through a reset, then the registers will be reloaded from the flash configuration field, so at that point, any direct changes to the protection registers would be lost. 4 Tamper detection and cryptography Some Kinetis family devices offer tamper detection (DryIce module) and/or cryptography features (CAU and RNG modules). A detailed discussion of these features is outside the scope of this application note, but other application notes are planned to discuss these modules. Please visit to check for the latest application notes. The tamper detection and cryptography features are useful complements to the security and protection features, and must be considered when planning out an overall strategy for security. The CAU can be used to encrypt/decrypt data for any of the external interfaces on the chip. The security features discussed in this application note help to keep information inside the processor secure, but the cryptography blocks can be used to protect and ensure the integrity of data that is being passed to or from external devices or communication ports. The DryIce module includes tamper detection signals that can be used to determine if someone is attempting to interfere with the enclosure and/ or circuitry on the PCB to gain access to the system. 12 Freescale Semiconductor, Inc.
13 How to Reach Us: Home Page: Web Support: USA/Europe or Locations Not Listed: Freescale Semiconductor Technical Information Center, EL East Elliot Road Tempe, Arizona or Europe, Middle East, and Africa: Freescale Halbleiter Deutschland GmbH Technical Information Center Schatzbogen Muenchen, Germany (English) (English) (German) (French) Japan: Freescale Semiconductor Japan Ltd. Headquarters ARCO Tower 15F 1-8-1, Shimo-Meguro, Meguro-ku, Tokyo Japan or Asia/Pacific: Freescale Semiconductor China Ltd. Exchange Building 23F No. 118 Jianguo Road Chaoyang District Beijing China Information in this document is provided solely to enable system and software implementers to use Freescale Semiconductors products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits or integrated circuits based on the information in this document. Freescale Semiconductor reserves the right to make changes without further notice to any products herein. Freescale Semiconductor makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does Freescale Semiconductor assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any liability, including without limitation consequential or incidental damages. "Typical" parameters that may be provided in Freescale Semiconductor data sheets and/or specifications can and do vary in different applications and actual performance may vary over time. All operating parameters, including "Typicals", must be validated for each customer application by customer's technical experts. Freescale Semiconductor does not convey any license under its patent rights nor the rights of others. Freescale Semiconductor products are not designed, intended, or authorized for use as components in systems intended for surgical implant into the body, or other applications intended to support or sustain life, or for any other application in which failure of the Freescale Semiconductor product could create a situation where personal injury or death may occur. Should Buyer purchase or use Freescale Semiconductor products for any such unintended or unauthorized application, Buyer shall indemnify Freescale Semiconductor and its officers, employees, subsidiaries, affiliates, and distributors harmless against all claims, costs, damages, and expenses, and reasonable attorney fees arising out of, directly or indirectly, any claim of personal injury or death associated with such unintended or unauthorized use, even if such claims alleges that Freescale Semiconductor was negligent regarding the design or manufacture of the part. RoHS-compliant and/or Pb-free versions of Freescale products have the functionality and electrical characteristics as their non-rohs-complaint and/or non-pb-free counterparts. For further information, see or contact your Freescale sales representative. For information on Freescale's Environmental Products program, go to Freescale and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners Freescale Semiconductor, Inc. Document Number: AN4507 Rev. 1, 6/2012
Freescale Semiconductor Document Number: AN4378 Application Note Rev. 0, 10/2011 Using WinUSB in a Visual Studio Project with Freescale USB device controller by: Paolo Alcantara Microcontroller Solutions
Freescale Semiconductor Document Number:AN4657 Application Note Rev. 0, 01/2013 Cyclic Redundant Checker Calculation on Power Architecture Technology and Comparison of Big-Endian Versus Little-Endian by:
Freescale Semiconductor Document Number: AN4478 Rev. 0, 03/2012 Software Real Time Clock Implementation on MC9S08LG32 by: Nitin Gupta Automotive and Industrial Solutions Group 1 Introduction The MC9S08LG32
Freescale Semiconductor Application Note AN2821 Rev. 2, 08/2007 etpu Host Interface by: David Paterson Ming Li MCD Applications 1 Introduction This application note discusses the enhanced Time Processing
Freescale Semiconductor Document Number:AN4616 Application Note Rev. 0, 10/2012 Flap Motor Control Based On HVAC Platform by: Shawn Shi, Albert Chen, Alex Liu 1 Introduction According to the world market
Freescale Semiconductor Document Number: AN4363 Application Note Rev. 0, 10/2011 Connecting to an SMTP Server Using the Freescale NanoSSL Client by: Paolo Alcantara Microcontroller Solutions Group 1 Introduction
Freescale Semiconductor Document Number: AN4819 Application Note Rev. 1, 10/2013 Building a Project using IAR Eclipse Plugin Processor Expert Microcontrollers Driver Suite Processor Expert Microcontrollers
Freescale Semiconductor Document Number: AN4353 Application Note Rev. 0, 9/2011 Flexible Active Shutter Control Interface using the MC1323x by: Dennis Lui Freescale Hong Kong 1 Introduction This application
Freescale Semiconductor Document Number: AN4252 Application Note Rev. 0, 4/2011 USB HID bootloader for the MC9S08JM60 by: Derek Lau System and Solution Engineering, Microcontroller Solutions Group Hong
Freescale Semiconductor Document Number: AN4341 Application Note Rev. 1, 08/2011 Using the Performance Monitor Unit on the e200z760n3 Power Architecture Core by: Inga Harris MSG Application Engineering
Freescale Semiconductor Application Note Document Number: AN4136 Rev. 0, 06/2010 Hardware Configurations for the i.mx Family USB Modules by Multimedia Applications Division Freescale Semiconductor, Inc.
Freescale Semiconductor Application Note Document Number: AN2925 Rev. 0, 11/2005 Initializing the TSEC Controller by Ahsan Kabir Digital Systems Division Freescale Semiconductor, Inc. Austin, TX This application
Freescale Semiconductor Application Note Document Number: AN4317 Rev. 0, 08/2011 How to Convert 3-Axis Directions and Swap X-Y Axis of Accelerometer Data within Android Driver by: Gang Chen Field Applications
Freescale Semiconductor Application Note Document Number: AN2628 Rev. 1, 10/2005 Programming Audio Applications in the MC9328MX21 by: Alfred Sin 1 Abstract The MC9328MX21 () processor has two dedicated
Freescale Semiconductor Application Note Document Number: AN3373 Rev. 0, 04/2007 PowerQUICC II Pro (MPC83xx) PCI Agent Initialization by: David Smith Field Application Engineering Raleigh, NC In many designs,
Freescale Semiconductor Application Note Document Number: AN3359 Rev. 0, 05/2007 Performance Monitor on PowerQUICC II Pro Processors by Harinder Rai Network Computing Systems Group Freescale Semiconductor,
Freescale Semiconductor Application Note Document Number: AN3294 Rev. 0.1, 01/2010 MC13783 Buck and Boost Inductor Sizing by: Power Management Application Team 1 Introduction The purpose of this application
Freescale Semiconductor Application Note AN2285 Rev. 2.2, 3/2008 Data Movement Between Big-Endian and Little-Endian Devices by Kyle Aubrey, Field Technical Leader Ashan Kabir, System Engineering Freescale
Freescale Semiconductor Integrated Silicon Pressure Sensor + On-Chip Signal Conditioned, Temperature Compensated and Calibrated The series piezoresistive transducer is a state-of-the-art monolithic silicon
Freescale Semiconductor Document Number:AN4675 Application Note Rev. 0, 01/2013 Using eflexpwm Module for ADC Synchronization in MC56F82xx and MC56F84xx Family of Digital Signal Controllers by: Pavel Grasblum
Improving Embedded Software Test Effectiveness in Automotive Applications Author, D Brook Document Number: CODETESTTECHWP Rev. 0 11/2005 As the automotive industry introduces more and more safety-critical,
Freescale Semiconductor Document Number: AN4272 Application Note Rev. 0, 03/2011 Generate Makefiles from Command Line Support in Eclipse-Based CodeWarrior Software by Devtech Customer Engineering Freescale
Freescale Semiconductor Application Note AN3238 Rev. 0, 02/2006 User Interface Design using CGI Programming and Boa Web Server on M5249C3 Board by: H.K. Au MCD Applications 1 Introduction This application
Freescale Semiconductor White Paper Document Number: MLPPPWP Rev. 0, 09/2010 MLPPP in the Evolving Radio Access Network by Networking and Multimedia Group Freescale Semiconductor, Inc. East Kilbride, Scotland
Freescale Semiconductor Document Number:AN4680 Application Note Rev. 0, 02/2013 PMSM Electrical Parameters Measurement by: Viktor Bobek 1 Introduction The vector control, also known as the field-oriented
Freescale Semiconductor Application Note AN1952 Rev. 0, 9/2005 Using Program Memory As Data Memory William Jiang 1. Introduction Microcontrollers with Harvard architecture have separate program and data
Techniques and Tools for Software Analysis Freescale Semiconductor Document Number: CODETESTTECHWP Rev. 0 11/2005 Understanding how software development can be optimized through the use of software analysis
Freescale Semiconductor Application Note Document Number: AN2547 Rev. 1, 11/2006 Detecting a CPM Overload on the PowerQUICC II by Qiru Zou NCSD Applications Freescale Semiconductor, Inc. Austin, TX This
Freescale Semiconductor AN2164 Rev. 4.1, 03/2007 MPC8245/MPC8241 Memory Clock Design Guidelines: Part 1 by Esther C. Alexander RISC Applications, CPD Freescale Semiconductor, Inc. Austin, TX This application
White Paper Freescale s Embedded for QorIQ P4 Series Communications Platform Document Number: EMHYPQIQTP4CPWP Rev 1 10/2008 Overview Freescale Semiconductor s QorIQ communications platform P4 series processors
Freescale Semiconductor Application Note AN1916 Rev. 2.0, 11/2005 3-Phase BLDC Motor Control with Hall Sensors Using 56800/E Digital Signal Controllers Leonard N. Elevich Contents 1. Application Benefits...1
Technical Data RF Power Field Effect Transistor N- Channel Enhancement- Mode Lateral MOSFET Designed for broadband commercial and industrial applications with frequencies up to 00 MHz. The high gain and
Freescale Semiconductor Application Note Document Number: AN4381 Rev. 0, 12/2011 Configuring the FlexTimer for Position and Speed Measurement with an Encoder by: Matus Plachy System Application Engineer,
EVERSPIN s New 2mm Exposed Pad DFN Package Meets Both SOIC-8 and DFN8 PCB Layouts This Application Note is to inform Everspin customers that a new, DFN8 package with a 2mm bottom exposed pad has been added
Freescale Semiconductor Document Number:AN4368 Application Note Rev. 1, 12/2012 USB Mass Storage Device Host Bootloader by: Derek Lau 1 Introduction Bootloader is a small program put into a device that
CodeWarrior Development Studio Floating Licensing Quick Start This quick start guide explains how to set up a floating license server of Freescale software products licensed with FLEXlm (e.g. CodeWarrior).
Freescale Semiconductor Application Note Document Number: AN3870 Rev. 0, 08/2010 Developing an Application for the i.mx Devices on the Linux Platform by Multimedia Applications Division Freescale Semiconductor,
Software Marketing, Embedded Real-Time Solutions Author, Katie Smith Document Number: BARRIERSWP Rev. 0 11/2005 The current economic climate is adding to the increasing pressure being experienced in new
Freescale Semiconductor Application Note AN1948 Rev. 1, 11/2005 Real Time Development of MC Applications using the PC Master Software Visualization Tool The PC Master Software Visualization Tool Simplifies
Freescale Semiconductor White Paper Document Number: QE128COMPWP Rev. 0, 05/2007 Comparison of MC9S08QE128 and MCF51QE128 Microcontrollers by: Scott Pape and Eduardo Montanez Systems Engineering, Freescale
HW Getting Started Guide PQ-MDS-T1 Module April 2006: Rev. 0.3 Contents Contents................................................................................. 1 About This Document.......................................................................
APPLICATION NOTE AT07175: SAM-BA Bootloader for SAM D21 Atmel SAM D21 Introduction Atmel SAM Boot Assistant (Atmel SAM-BA ) allows In-System Programming (ISP) from USB or UART host without any external
Freescale Semiconductor Application Note Rev 0, 02/2007 Implementing Positioning Algorithms Using Accelerometers by: Kurt Seifert and Oscar Camacho OVERVIEW This document describes and implements a positioning
Freescale Semiconductor Miniature I 2 C Digital Barometer The is an absolute pressure sensor with digital output for low cost applications. A miniature 5 x 3 x 1.2 mm LGA package ideally suits it for portable
nc. Order this document by MC68328/D Microprocessor and Memory Technologies Group MC68328 MC68328V Product Brief Integrated Portable System Processor DragonBall ΤΜ As the portable consumer market grows
QorIQ Advanced Multiprocessing (AMP) Series Delivers More than Moore Freescale s new QorIQ AMP series pushes the compute and energy performance envelope beyond the P4080 processor such that its performance
Freescale Semiconductor Application Note AN2666 Rev. 0, 07/2004 Genesi Pegasos II Setup by Maurie Ommerman CPD Applications Freescale Semiconductor, Inc. Austin, TX This application note is the first in
Installing Service Pack Updater Archive for CodeWarrior Tools (Windows and Linux) Quick Start SYSTEM REQUIREMENTS Hardware Operating System Intel Pentium 4 processor, 2 GHz or faster, Intel Xeon, Intel
DRM for Driver Information System on S12G128 Reference Design Document Number: DRM134 Rev. 0, 04/2012 2 Freescale Semiconductor, Inc. Contents Section Number Title Page Chapter 1 Introduction 1.1 Introduction...5
Adapting the PowerPC 403 ROM Monitor Software for a 512Kb Flash Device IBM Microelectronics Dept D95/Bldg 060 3039 Cornwallis Road Research Triangle Park, NC 27709 Version: 1 December 15, 1997 Abstract
TWR-KV31F120M Sample Code Guide for IAR Board configuration, software, and development tools Rev.0 Freescale TWR-KV31F120M Sample Code Guide for IAR KL25_LAB Contents 1 Purpose... 3 2 Getting to know the
Application note STM32F105/107 in-application programming using a USB host 1 Introduction An important requirement for most Flash-memory-based systems is the ability to update firmware installed in the
LMX9838 Firmware Release Note 1.0 Introduction The National Semiconductor LMX9838Bluetooth Serial Port module is a highly integrated radio, baseband controller, memory device, crystal, antenna and loop
3-Phase BLDC Motor Control with Hall Sensors Using the MC56F8013 Targeting User Guide 56F8000 16-bit Hybrid Controllers 56F8013BLDCUG Rev. 1 11/2005 freescale.com TABLE OF CONTENTS About This Book Audience.............................................................
Technical Data RF Power Field Effect Transistor N-Channel Enhancement-Mode Lateral MOSFET Designed for broadband commercial and industrial applications with frequencies up to 1000 MHz. The high gain and
Freescale Semiconductor Integrated Silicon Sensor On-Chip Signal Conditioned, Temperature Compensated and Calibrated The series piezoresistive transducer is a state-of-the-art monolithic silicon pressure
USER GUIDE EDBG Description The Atmel Embedded Debugger (EDBG) is an onboard debugger for integration into development kits with Atmel MCUs. In addition to programming and debugging support through Atmel
Freescale Semiconductor Application Note AN2720 Rev. 2, 04/2008 A Utility for Programming Single FLASH Array HCS12 MCUs, with Minimum RAM Overhead By Jim Williams 8/16-Bit Applications Engineering Austin,
APPLICATION DEVELOPMENT FUNDAMENTALS: TOOLS This document provides an overview of the toolchain used to develop, build, and deploy EmberZNet and Silicon Labs Thread applications, and discusses some additional
Freescale Semiconductor User s Guide Document Number: KT3467UG Rev..0, 3/008 Using the High Input Voltage Charger for Single Cell Li-Ion Batteries (KIT3467EPEVBE) Purpose This User Guide helps the Lithium-Ion
Installing Service Pack Updater Archive for CodeWarrior Tools (Windows and Linux) Quick Start SYSTEM REQUIREMENTS Processor Windows OS: Intel Pentium 4 processor, 2 GHz or faster, Intel Xeon, Intel Core,
Rev. 2 21 September 2010 Application note Document information Info Content Keywords LPC1700, Secondary USB Bootloader, ISP, IAP Abstract This application note describes how to add a custom secondary USB