Unbricking a secured Freescale K20
Due to the… interesting behavior of OpenOCD’s K20 FLASH writing algorithm, you can sometimes end up in a situation where you inadvertently end up with a secured chip. In particular, if your image doesn’t explicitly write to the FLASH configuration block (which starts at 0x400) but writes anywhere in the sector that contains it, OpenOCD will erase the sector without zeroing the configuration fields. Bam… secured chip.
Thankfully recovering from this is quite simple:
Simply hold SRST low and run
kinetis mdm mass_erase from the OpenOCD console (e.g.
nc localhost 4444). You’ll see something like this,
> kinetis mdm mass_erase kinetis mdm mass_erase Polling target k20.cpu succeeded again, trying to reexamine k20.cpu: hardware has 6 breakpoints, 4 watchpoints target state: halted target halted due to debug-request, current mode: Thread xPSR: 0x01000000 pc: 0xfffffffe msp: 0xfffffffc >
Yay! Unbricked chip!