On HCS12 series MCUs, encryption can be done in two ways: complete encryption and encryption using a password. Which method is used depends on the needs of the user.
Complete encryption protects the chip completely and blocks all read operations on it. On the MC9S12DP256, encryption is enabled by programming one flash location ($ff0f). After encryption, a BDM programmer can no longer read the flash.
With complete encryption there is no possibility of reading the ROM code, which makes it the most “safe” encryption method. If the user wants to modify the contents of ROM, the only way is to erase all the contents of flash. This operation can be performed with a BDM programmer.
Erasing flash ROM and EEPROM with a BDM programmer is basically the same process as erasing on-chip flash ROM in normal mode. The difference is that registers and memory locations are read and written through BDM commands instead. The BDM programmer sends a complete erase command sequence to the MCU, and the contents of flash ROM and EEPROM are erased completely.
After the full erase operation is completed, the BDM programmer resets the system, and the system automatically checks whether the full erase succeeded. If it did, the UNSEC bit of the BDM status register is automatically set to “1”, and the system enters the decrypted state.
Because the system decides whether to stay encrypted by checking whether flash ROM and EEPROM are empty, the system will also decrypt automatically if the user program accidentally erases all the contents of flash ROM and EEPROM.
Encryption using passwords
To make it possible to read the ROM code, users can use an encryption method with a password. When decrypting, users can read and write ROM without destroying its contents as long as they give the correct password (called the “back door password”).
With this method, users need to set a password of 4 words before encryption and store it in flash. On the MC9S12DP256 the flash addresses are $ff00 to $ff07. The password can be downloaded to the chip together with the user program.
When decrypting, receiving and verifying the password entered by the user can only be done by a user interface program; the BDM programmer cannot be used. There are no restrictions on the interface (SCI, SPI, IIC, MSCAN, etc.): any interface will do as long as the user can enter the correct password, and the most typical one is the serial port.
Assuming that the received password is stored in the variables key0-key7, the password verification procedure is as follows:
* TEST KEYS
BSET FCNFG,$20 ; Set KEYACC to 1
Flexible use of encryption and decryption method with password
Our research found that encryption with a password appears to leave open the possibility of cracking the code. However, because receiving and verifying the password must be done by the user program, this possibility is very small as long as the user program is designed reliably.
To enhance the reliability and flexibility of the user interface program, we propose the following design ideas:
Countermeasures against exhaustive password search: the password of the MC9S12DP256 is up to 8 bytes. If the password is not limited to the ASCII range, the number of possible passwords reaches 1.8 × 10^19. To prevent a cracker from exhaustively searching the password, the user can set the number of wrong password entries allowed. If the errors exceed that number, the interface program no longer accepts new passwords. The number of errors allowed can be chosen according to security needs and convenience of use.
Flexible external interface: when using password encryption and decryption, there are no restrictions on the external interface used by the user program. The serial port program in this paper is just an example. The MC9S12DP256 integrates many interface modules, such as SCI, SPI, IIC, MSCAN, J1850 and so on. Users can choose which interface to use according to convenience and security, which makes it harder for a cracker to know where to start.
User-program-level password verification: users can also add a further level of password verification to the interface program, so that the decryption password can be entered only after this verification has been passed. Because flash ROM cannot be read or written after encryption, the user program can also save the added password in flash for verification. In addition, if a module is used both as the interface for receiving passwords and for other purposes, it should also provide an interactive interface that lets users select the purpose of the module before use.
Remote encryption and decryption: in many cases, the user controls the MCU through Ethernet or other media. As long as there is a corresponding interface program, the MCU can be encrypted and decrypted remotely, which is a great convenience for the user's work.
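The wrong-password limit and the user-program-level password check from the design ideas above, combined in one example. This is an added example, not code from the original article or from the chip vendor; it is a host-runnable C model in which `nv_state_t` stands in for a counter assumed to be kept in EEPROM, and `MAX_FAILURES`, `DEMO_STORED`, `gate_check` and `ct_equal` are hypothetical names and values.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN      8  /* the page's password length: 8 bytes */
#define MAX_FAILURES 5  /* assumed policy value, not from the page */

/* Assumption: on the MCU this counter lives in EEPROM, so a reset or power
   cycle does not give the guesser a fresh budget. Modeled here as a struct. */
typedef struct { uint8_t failures; } nv_state_t;

typedef enum { GATE_OK, GATE_WRONG, GATE_LOCKED } gate_result_t;

/* Constructed sample value for the added password stored in flash. */
static const uint8_t DEMO_STORED[KEY_LEN] =
    { 0x4b, 0x9e, 0x02, 0xd7, 0x61, 0xf0, 0x3a, 0x85 };

/* Compare all bytes with no early exit, so response time does not reveal
   how many leading bytes of a guess were right. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* First-level check the interface program runs before it will accept the
   back door password. */
gate_result_t gate_check(nv_state_t *nv, const uint8_t *stored,
                         const uint8_t *guess)
{
    if (nv->failures >= MAX_FAILURES)
        return GATE_LOCKED;      /* no longer receive new passwords */
    nv->failures++;              /* charge the attempt before checking, so a
                                    power cut during the check still costs one */
    if (!ct_equal(stored, guess, KEY_LEN))
        return GATE_WRONG;
    nv->failures = 0;            /* correct password clears the count */
    return GATE_OK;
}

int main(void)
{
    nv_state_t nv = { 0 };
    const uint8_t wrong[KEY_LEN] = { 0 };    /* constructed wrong password */
    while (gate_check(&nv, DEMO_STORED, wrong) == GATE_WRONG) { }
    /* Once locked, even the correct password is refused. */
    return gate_check(&nv, DEMO_STORED, DEMO_STORED) == GATE_LOCKED ? 0 : 1;
}
```

Once `GATE_LOCKED` is reached, the recovery path left is the full erase by BDM programmer described earlier, which also clears a counter kept in EEPROM.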