Development Support
MC68HC908QYA/QTA Family Data Sheet, Rev. 1
154
Freescale Semiconductor
15.3.2 Security
A security feature discourages unauthorized reading of FLASH locations while in monitor mode. The host
can bypass the security feature at monitor mode entry by sending eight security bytes that match the
bytes at locations $FFF6–$FFFD. Locations $FFF6–$FFFD contain user-defined data.
NOTE
Do not leave locations $FFF6–$FFFD blank. For security reasons, program
locations $FFF6–$FFFD even if they are not used for vectors.
During monitor mode entry, the MCU waits after the power-on reset for the host to send the eight security
bytes on pin PTA0. If the received bytes match those at locations $FFF6–$FFFD, the host bypasses the
security feature and can read all FLASH locations and execute code from FLASH. Security remains
bypassed until a power-on reset occurs. If the reset was not a power-on reset, security remains bypassed
Upon power-on reset, if the received bytes of the security code do not match the data at locations
$FFF6–$FFFD, the host fails to bypass the security feature. The MCU remains in monitor mode, but
reading a FLASH location returns an invalid value and trying to execute code from FLASH causes an
illegal address reset. After receiving the eight security bytes from the host, the MCU transmits a break
character, signifying that it is ready to receive a command.
NOTE
The MCU does not transmit a break character until after the host sends the
eight security bytes.
Figure 15-18. Monitor Mode Entry Timing
To determine whether the security code entered is correct, check to see if bit 6 of RAM address $80 is
set. If it is, then the correct security code has been entered and FLASH can be accessed.
If the security sequence fails, the device should be reset by a power-on reset and brought up in monitor
mode to attempt another entry. After failing the security sequence, the FLASH module can also be mass
erased by executing an erase routine that was downloaded into internal RAM. The mass erase operation
clears the security code locations so that all eight security bytes become $FF (blank).
BYTE
1
BYTE
1
ECHO
BYTE
2
BYTE
2
ECHO
BYTE
8
BYTE
8
ECHO
COMMAND
COMMAN
D
EC
HO
PA0
RST
VDD
4096 + 32 CGMXCLK CYCLES
1
3
1
2
1
BR
EAK
Notes:
2 = Data return delay, approximately 2 bit times
3 = Wait 1 bit time before sending next byte
3
FROM HOST
FROM MCU
1 = Echo delay, approximately 2 bit times
4
4 = Wait until clock is stable and monitor runs