Security protection in Motorola Microcontrollers

    No security feature is absolutely secure. However, Motorola's strategy is to make reading or copying the FLASH difficult for unauthorized users. The Motorola 8/16 bit microcontrollers are becoming more flexible and powerful. At the same time attention to the hardware security against unautorised access stay insufficient. As a result microcontrollers facility based on some of MC68Hc05, MC68HC08, MC68HC12 family have been already broken.

• MC68HC05B family microcontrollers:

    The register OPTR (Options register) located at address $0100, contains the secure and protect functions for EEPROM and allows user to select this options. Bit 0 Security bit (SEC) is high security bit allows the user to secure the EEPROM data from external accesses. When the SEC bit is at "0", the EEPROM contents are secured by preventing any entry to test mode. The only way to erase the SEC bit to "1" externally is to enter self-check mode* (see document hc05b6.pdf), at which time the entire EEPROM contents will be erased. When the SEC bit is changed, its new value will have no effect until the next external or power-on reset.
The MC68HC(7)05B,X EEPROM programming tool supported by-pass security function
*The self-check mode not implemented on MC68HC705B and MC68HC7(05)X MCUs.

• MC68HC11 family microcontrollers:

    The CONFIG register actually consist of an EEPROM byte (separate from the N-byte* EEPROM array), a static register that holds the configuration information during operation, and the associated logic, which controls the transfer of information from EEPROM byte to the working static register. Programming and erasure of this register use the same logic used for programming and erasure of the N-Byte* EEPROM array. Reads of this register return the contents of the static working register, not the EEPROM byte. During any reset, the contents of the EEPROM byte are transferred to the working static register over the data bus. Due to this mechanism, changes to the EEPROM CONFIG location are not visible and do not alter the operation of the MCU until after a subsequent reset. Some versions of the MC68HC11 family allow the CONFIG working register to be written directly as a normal control register while operating in the special mode variations. Bit 3 No Security bit (NOSEC). A special security feature is available on the mask based versions of MC68HC11 family. Once this feature is enabled at the mask-programming level, the user activates it by programming the NOSEC bit to "0". While NOCES is "0" the MCU can only be reset in single chip modes (normal single chip or special bootstrap). This restriction is accomplished by forcing the MDA control bit to zero rather than allowing it to follow the MODA pin level at the rising edge of RESET. By disallowing expanded modes, a software pirate is prevented from seeing the data in EEPROM or RAM because there is no external address/data bus in single chip mode. The software pirate can see what in the on-chip ROM by disabling the security option, which can only accomplished after the contents of EEPROM and RAM have been erased. Therefore for the avoidance of very difficult disassemble work use complete decision embodied on MC68HC11E9/A8 EEPROM programming tool or MC68HC11KA1/KA4/PA8/P2 EEPROM programming tool.
* Note N-byte: 512 byte of EEPROM of MC68HC11E9, MC68HC11A8 and etc.
640 byte of EEPROM of MC68HC11KA4, MC68HC11P2 and etc.

• MC68HC9(08) family microcontrollers

    The custom-masked ROM microcontrollers (MC68HC08 family) and FLASH based microcontrollers (MC68HC908 family) has some differences in protection program data.
For custom-masked devices ($001F Mask option register CONFIG-1, in case of MC68HC08AZ60 as example). Bit 6 ROMSEC - ROM Security Bit. ROMSEC enables the ROM security feature. Setting the ROMSEC bit prevents reading of the ROM contents. Access to the ROM is denied to unauthorized users of customer-specified software. 1 = ROM security enabled 0 = ROM security disabled. A security feature discourages unauthorized reading of ROM locations while in monitor mode. The host can bypass the security feature at monitor mode entry by sending eight security bytes that match the bytes at locations $FFF6-$FFFD. Locations $FFF6-$FFFD contain user-defined data. If the received bytes match those at locations $FFF6-$FFFD, the host bypasses the security feature and can read all ROM locations and execute code from ROM. Security remains bypassed until a power-on reset occurs. After the host bypasses security, any reset other than a power-on reset requires the host to send another eight bytes. If the reset was not a power-on reset, the security remains bypassed regardless of the data that the host sends. If the received bytes do not match the data at locations $FFF6-$FFFD, the host fails to bypass the security feature. The MCU remains in monitor mode, but reading ROM locations returns undefined data, and trying to execute code from ROM causes an illegal address reset. After the host fails to bypass security, any reset other than a power-on reset causes an endless loop of illegal address resets. After receiving the eight security bytes from the host, the MCU transmits a break character signaling that it is ready to receive a command. The MCU does not transmit a break character until after the host sends the eight security bytes.
For FLASH based devices (MC68HC908AZ60 as example). A security feature prevents viewing of the FLASH contents. A security feature discourages unauthorized reading of FLASH locations while in monitor mode. The host can bypass the security feature at monitor mode entry by sending eight security bytes that match the bytes at locations $FFF6-$FFFD. Locations $FFF6-$FFFD contain user-defined data. During monitor mode entry, the MCU waits after the power-on reset for the host to send the eight security bytes on pin PA0. If the received bytes match those at locations $FFF6-$FFFD, the host bypasses the security feature and can read all FLASH locations and execute code from FLASH. Security remains bypassed until a power-on reset occurs. After the host bypasses security, any reset other than a power-on reset requires the host to send another eight bytes. If the reset was not a power-on reset, the security remains bypassed regardless of the data that the host sends. If the received bytes do not match the data at locations $FFF6-$FFFD, the host fails to bypass the security feature. The MCU remains in monitor mode, but reading FLASH locations returns undefined data, and trying to execute code from FLASH causes an illegal address reset. After the host fails to bypass security, any reset other than a power-on reset causes an endless loop of illegal address resets. After receiving the eight security bytes from the host, the MCU transmits a break character signaling that it is ready to receive a command. The MCU does not transmit a break character until after the host sends the eight security bytes. For the avoidance of very difficult research work use complete decision embodied on MC68HC908AZ60 FLASH/EEPROM programmer.

• MC68HC912 family microcontrollers

    No security features. Single-wire background debug mode (BDM) realized on all models in this family. BDM is implemented in on-chip hardware and provides a full set of debug operations. More information about Shadow word see 912_9S12_mqt.pdf. For unlocking BDM feature use MC68HC912/9S12 FLASH/EEPROM programmer.

• HCS12 family microcontrollers

    The MCUs will make available a security feature preventing the unauthorized read and write of the memory contents. This feature allows protection of the contents of FLASH, protection of the contents of EEPROM, operation in single-chip mode, operation from external memory with internal FLASH and EEPROM disabled. The user must be reminded that part of the security must lie with the user's code. An extreme example would be user's code that dumps the contents of the internal program. This code would defeat the purpose of security. At the same time the user may also wish to put a back door in the user's program. An example of this is the user downloads a key through the SCI which allows access to a programming routine that updates parameters stored in EEPROM. Once the user has programmed the FLASH and EEPROM (if desired), the part can be secured by programming the security bits located in the FLASH module For more information see 912_9S12_mqt.pdf. These non-volatile bits will keep the part secured through resetting the part and through powering down the part. The security byte resides in a portion of the Flash array. Check the Flash Block User Guide for more details on the security configuration. The Normal Single Chip mode is most common usage of the secured part. Everything will appear the same as if the part was not secured with the exception of BDM operation. The BDM operation will be blocked. Executing from external memory: the user may wish to execute from external space with a secured microcontroller. This is accomplished by resetting directly into expanded mode. The internal FLASH and EEPROM will be disabled. BDM operations will be blocked. For un secure of the microcontroller internal FLASH and EEPROM must be erased. This can be done through an external program in expanded mode. Once the user has erased the FLASH and EEPROM, the part can be reset into special single chip mode .This invokes a program that verifies the erasure of the internal FLASH and EEPROM. Once this program completes, the user can erase and program the FLASH security bits to the unsecured state. This is generally done through the BDM, but the user could also change to expanded mode (by writing the mode bits through the BDM) and jumping to an external program (again through BDM commands). Note that if the part goes through a reset before the security bits are reprogrammed to the un secure state, the part will be secured again. The MC68HC912/9S12 FLASH/EEPROM programmer by pass Memory security bits conditions.