**************************************************************************** **************************************************************************** ** ** ** Application notes for Motorola/FreeScale Microcontrollers ** ** (Informal Document) ** ** ** ** To find the application notes specfic for your device search for the ** ** 'core' part name. As an example using the MC908AS60ACFN 52 pin PLCC ** ** you would search on '908AS60A' ** ** ** **************************************************************************** **************************************************************************** ************************************************************************ 68701 ---------- 68701U4 ---------- 68HC711D3 ---------- This device's memory map is offset to start at User Memory address 0000 hex. The EPROM memory block starts at User Memory 0000 and is translated to device address F000 hex during a program operation. A load operation will read device address F000 hex and translate address 0000 to User Memory. The window on the device must be covered with an opaque label during any operation (if UV erasable part). ************************************************************************ 68HC805B6 ---------- 68HC805C4 ---------- Memory map is offset to begin at User Memory address 0000 hex. Corresponding device address is 20 hex. ************************************************************************ 68HC705CJ4 ---------- Blank state of byte: FF hex The device memory map corresponds directly to the User's RAM. The checksum is calculated only from the main array and users vectors. Data in ProgramMer's User RAM is partitioned as follow: 1000 hex - 1EFF hex Main array (EPROM) 1FF0 hex - 1FFF hex User vectors (EPROM) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705SR3 ---------- Blank state of the User EPROM byte: FF hex Blank state of MOR byte: usually 00 hex. The device memory map corresponds directly to the User's RAM. The checksum is calculated: All EPROM/ROM bytes + User Vectors + MOR. Data in the programmer's User Memory is partitioned as follows: MOR 0FFF hex programmable (see notes) USER EPROM - 1000 - 1EFF hex programmable USER VECTORS - 1FF0 - 1FFF hex programmable Bits in the MOR register (at address 0FFF hex) are as follow: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 ---------------------------------------------------------------- x x SMD SEC TMR2 TMR1 TMR0 RC Bit #4 in the MOR register (address 0FFF hex) is the security bit. If the Security Option in the PROGRAM MEMORY DEVICE screen is enabled, the security bit in the MOR register is programmed and the part is secured regardless of the value of the SEC bit in the datafile (Programmer's User RAM). The secured part can not be read, verified or programmed. The same can happen when some other bits in MOR are programmed (especially SMD bit). Verification of the security bit is done only after programing when the Security Option in the PROGRAM MEMORY DEVICE screen is enabled. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705JP7 / 68HC705JJ7 /68HCR705JP7 ------------------------------------ Blank state of the User EPROM byte: 00 hex Blank state of COPR byte: usually 70 hex (can be different) The device memory map corresponds directly to the User's RAM. The checksum is calculated from the whole memory space (0000 hex - 207F hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex priorloading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master devic or download the data file. Data in the programmer's User Memory is partitioned as follows: USER EPROM - 0700 - 1EFF hex programmable COPR - 1FF0 hex programmable MOR - 1FF1 hex programmable USER VECTORS - 1FF2 - 1FFF hex programmable PEPROM (personality) - 2000 - 207F hex programmable Bits in the COPR register (at address 1FF1 hex) are as follow: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 ---------------------------------------------------------------- EPMSEC x x x x x x COPC Bit #7 in the COPR register (address 1FF0 hex) is the security bit. If the Security Option in the PROGRAM MEMORY DEVICE screen is enabled, the security bit in the COPR register is programmed and the part is secured regardless of the value of the SEC bit in the datafile (Programmer's User RAM). If the secured part is read, the bytes in the main array are usually 00 hex. To see if the part is secured, load the part and inspect COPR register value in the programmer's User Memory. The secured part has bit #7 in COPR register (adr. 1FF0 hex) set to '1'. Verification of the security bit is done only after programing when the Security Option in the PROGRAM MEMORY DEVICE screen is enabled. Bit #0 in the COPR register is the COPC bit. It will not be programmed. COPR register is not programmed/verified during programming/verify. On some devices the blank state of COPR register is different than 00h. Usually the blank value of COPR is 70 hex. Secured part has in this case COPR value F0 hex. Personality module resides in user's ram as follows : 00 08 10 18 20 28 30 38 2000 xx xx xx xx xx xx xx xx row0 2010 xx xx xx xx xx xx xx xx row1 2020 xx xx xx xx xx xx xx xx row2 2030 xx xx xx xx xx xx xx xx row3 2040 xx xx xx xx xx xx xx xx row4 2050 xx xx xx xx xx xx xx xx row5 2060 xx xx xx xx xx xx xx xx row6 2070 xx xx xx xx xx xx xx xx row7 c0 c1 c2 c3 c4 c5 c6 c7 The PEPROM map corresponds to the map of the Motorola programmer. Data for locations marked as xx can be 00 hex or 01 hex. Locations marked as 00 should be filled with 00 hex. The checksum is calculated over all 2080 hex Memory locations! The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705L5 --------- Blank state of byte: FF hex The device memory map corresponds directly to the User's RAM. The checksum is calculated only from the main array and users vectors. Data in ProgramMer's User RAM is partitioned as follow: 1000 hex - 2FFF hex Main array (EPROM) 3FF0 hex - 3FFF hex User vectors (EPROM) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705L16 ---------- Blank state of byte: FF hex The device memory map corresponds directly to the User's RAM. The checksum is calculated only from the main array and users vectors. Data in Programmer's User RAM is partitioned as follow: 1000 hex - 4FFF hex Main array (EPROM) FFF0 hex - FFFF hex User vectors (EPROM) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. Two pass verify is preferable for volume programming. ************************************************************************ 68HC705L32 ---------- Blank state of byte: FF hex The device memory map corresponds directly to the User's RAM. The checksum is calculated only from the main array and users vectors. Data in Programmer's User RAM is partitioned as follow: 1000 hex - 8FFF hex Main array (EPROM) FFF0 hex - FFFF hex User vectors (EPROM) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. Two pass verify is preferable for volume programming. ************************************************************************ 68HC705F4 ---------- The device memory map corresponds directly to the User's RAM. The checksum is calculated only from the EEPROM, main array and users vectors. Data in Programmer's User RAM is partitioned as follow: 0200 hex - 02FF hex EEPROM (blank = FF hex) 2000 hex - 3DFF hex Main array (EPROM) (blank = 00 hex) 3FF0 hex - 3FFF hex User vectors (EPROM) (blank = 00 hex) When erasing EEPROM and EPROM is not blank, there can be message : 'DEVICE NOT BLANK'. This is because both arrays are blank checked after erase. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705P6 ---------- Blank state of byte: 00 hex The device memory map corresponds directly to the User's RAM. The checksum for algorithm 705P6-E20Y is calculated only from EPROM #1, EPROM #2, MOR, and users vectors. The checksum for algorithm 705P6-E98K is calculated from the whole memory space (0000 hex - 1FFF hex.) Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM #1 0100 hex - 12FF hex User EPROM #2, Main array 1F00 hex MOR register (EPROM cell) 1FF0 hex - 1FF7 hex Unused (EPROM cells) 1FF8 hex - 1FFF hex User vectors (EPROM) Bit #7 in MOR register is not programmable. Be sure that this bit is set to '0'. That means that the data at address 1F00 hex can be in the range 00 hex to 7F hex. Devices with the E98K mask set (old devices) should use the menu entry 705P6-E98K. This algorithm uses 2 pass programming. Devices with the E20Y mask can use a 1 pass programming algorithm. The menu entry is 705P6-E20Y. This algorithm is faster. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705P9 ---------- Blank state of the byte: 00 hex The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM page 0 0100 hex - 08FF hex User EPROM/the main array 0900 hex MOR register (EPROM cell) 1FF0 hex - 1FFF hex User vectors (EPROM cells) All bits in MOR register are programmable, but only bits 0,1 and 2 are used. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC05P18 ---------- Blank state of the byte: FF hex The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - 3FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0140 hex - 01BF hex EEPROM NOTE: Always enable at least one pass verify when programming. When reprogramming the EEPROM, enable "ERASE EE DEVICE" in the programming screen. ************************************************************************ 68HC805P18 ---------- Blank state of the byte: FF hex The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - 3FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex ** User EEPROM page 0 0140 hex - 01BF hex EEPROM 1FC0 hex - 3EFF hex ** User EEPROM/the main array 3F00 hex ** MOR1 register (EEPROM cell) 3F01 hex ** MOR2 register (EEPROM cell) 3FF0 hex - 3FFF hex ** User vectors (EPROM cells) There are two algorithms for 68HC805P18: 1. 805P18 algorithm The algorithm 805P18 programs only locations marked with '**'. The 805P18 algorithm does not support load, verify or blank check. Bulk Erase routine erases only locations marked with '**'. Locations marked with '**'are erased automatically before the part is programed, therefore disable "ERASE EE DEVICE" on the programing screen. The device is verified once in the programing routine even if the user selects 2 pass verify. That means the user can select "VERIFY PASSES" = 0 on the programing screen. 2. 805P18-SP algorithm (-SP stands for special algorithm) The algorithm 805P18-SP programs the whole device, but only EEPROM at 0140 hex - 01BF hex can be read, blank checked or verified. Bulk Erase routine erases and blank checks the whole device. The device is erased automatically before the part is programmed, therefore disable "ERASE EE DEVICE" on the programing screen. Also disable "BLANK CHECK" in the programming screen. The whole device is verified once in the programming routine. If the user selects 1 or 2 pass verify, only the EEPROM at 0140 hex - 01BFhex is verified during those passes. NOTE: In the case you do not see "Erase EE Device" and "Verify Passes" options on the programming screen press F4 key. ************************************************************************ 68HC705E5 ---------- Blank state of the byte: 00 hex The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0B00 hex - 1EFF hex User EPROM/the main array 1F00 hex MOR register (EPROM cell) 1FF0 hex - 1FFF hex User vectors (EPROM cells) All bits in MOR register are programmable, but only bits 0,1,2,3 and 4 are used. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705E1 ---------- Blank state of the byte: 00 hex The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0F00 hex - 1EFF hex User EPROM/the main array 1F00 hex MOR register (EPROM cell) 1FF0 hex - 1FFF hex User vectors (EPROM cells) All bits in MOR register are programmable, but only bits 0,1,2, and 3 are used. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705C8 ---------- The microcontroller has the security bit programming capability. See note #1. Blank state of the byte: 00 hex The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0 0100 hex - 015F hex User EPROM 1 0160 hex - 1EFF hex User EPROM main array 1FDF hex OPTION register (see Note #1) 1FF4 hex - 1FFF hex users vectors (EPROM cells) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE #1: Only one bit (the security bit) in the OPTION register is EPROM cell. This register is not loaded, verified or programmed. The OPTION register data from your data file or your master device is ignored by the programmer. To secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the OPTION register is programmed and the part is secured. NOTE #2: Always enable at least one pass verify when programming. ************************************************************************ 68HC705C8A ---------- The microcontroller has the security bit programming capability. See note #1. Blank state of the byte: 00 hex The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0 0100 hex - 015F hex User EPROM 1 0160 hex - 1EFF hex User EPROM main array 1FDF hex OPTION register (see Note #1) 1FF0 hex - 1FFF hex users vectors and MOR registers (EPROM cells) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE #1: Only one bit (the security bit) in the OPTION register is EPROM cell. This register is not loaded, verified or programmed. The OPTION register data from your data file or your master device is ignored by the programmer. To secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the OPTION register is programmed and the part is secured. NOTE #2: Always enable at least one pass verify when programming. NOTE #3: In the case of high fall out when using PPI adapter, use 0.1 uF capacitors on Vcc, ground and Vpp pins. 40 PIN DIP 44 PIN PLCC ----------- ------------- Vcc 40 44 gnd 20 22 Vpp 3 4 ************************************************************************ 68HC705C9A ---------- Blank state of the byte: 00 hex The microcontroller has the security bit programming capability. Reading the secured part usually results in reading 00, 01, 02, 03, 04, 05, ..., FF hex pattern from the device. The value of bit #7 of C12MOR register (adr. 3FF1 hex) is usually read as '1' on secured devices. The value of C12MOR register (adr. 3FF1 hex) is 8x hex on secured devices and 0x hex on not secured devices (x stands for any value in range 0 to F hex). The checksum is calculated from the whole memory space (0000 hex - 3FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0 0100 hex - 017F hex User EPROM 1 0180 hex - 3EFF hex User EPROM main array 3FF0 hex PBMOR (EPROM cell) 3FF1 hex C12MOR (EPROM cell) 3FF2 hex - 3FFF hex users vectors (EPROM cells) A special care has to be given to the C12MOR register at address 3FF1 hex. Check if your data file has a proper value in that register. Bits in the C12MOR register (at address 3FF1 hex) are as follow: bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- SEC 0 0 0 C12COPE STOPDIS C12IRQ C12A | | ----- unused---- Bit #7 in the C12MOR register is the security bit. The secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the C12MOR register is programmed and the part is secured regardless of the value of the SEC bit in the data file (Programmer's User RAM). Bit #0 (C12A) should be set to '0' in your data file. If the bit is set to '1' the device will be program as 705C12A device and verify error can occur. Always enable at least one pass verify when programming. The window on the device must be covered with an opaque label during any operation on UV erasable parts. ************************************************************************ 68HC705D32A ---------- The microcontroller has the security bit programming capability. See note #1. Blank state of the byte: 00 hex The checksum is calculated from the whole memory space (0000 hex - 7FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0 0100 hex - 017F hex User EPROM 1 0180 hex - 7EFF hex User EPROM main array 7FDE hex MOR register (see Note #1) 7FF0 hex - 7FFF hex users vectors and MOR registers (EPROM cells) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE #1: Only four bits in the MOR register are programmable. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- EPWOI 0 DCSEL 0 0 0 SEC1 SEC0 Bits #2, #3, #4 and #6 are unused bits. They are usually loaded as '0's. These bits are not verified, blank checked or programmed. To see the content of the MOR register, read (load) the device. The bit #0 in the MOR is programmed automatically to '1' when any operation on the programmer is performed (even when the part is read). That means that the blank part will have the sumcheck 0001 hex. instead of 0000 hex. Bit #2 is the main security bit. To secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit #2 in the MOR register is programmed and the part is secured. NOTE #2: Always enable at least one pass verify when programming. ************************************************************************ 68HC705C4A ---------- The microcontroller has the security bit programming capability. See note #1. Blank state of the byte: 00 hex The checksum is calculated from the whole memory space (0000 hex - 1FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0 0100 hex - 10FF hex User EPROM main array 1FDF hex OPTION register (see Note #1) 1FF0 hex - 1FFF hex users vectors and MOR registers (EPROM cells) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE #1: Only one bit (the security bit) in the OPTION register is EPROM cell. This register is not loaded, verified or programmed. The OPTION register data from your datafile or your master device is ignored by the programmer. To secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the OPTION register is programmed and the part is secured. NOTE #2: Always enable at least one pass verify when programming. ************************************************************************ 68HC705B5 ---------- Blank state of byte: 00 hex Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex Page 0 User EPROM 0100 hex - 01FF hex User EPROM #1 0800 hex - 1EFD hex User EPROM, main array 1EFE hex OPTR (Option register, EPROM cell) 1EFF hex Unused, EPROM cell 1FF0 hex - 1FFF hex User vectors (EPROM) Bit #7 (SECE) in the OPTR register (address 1EFE hex.) must be set to '0'. The security feature is not fully implemented yet. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711PH8 ---------- Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D00 hex - 0FFF hex EEPROM 4000 hex - FFFF hex EPROM (not on 68HC11PH8) A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11PH8 is a mask version of 68HC711PH8. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705E6 ---------- Blank state of EEPROM byte: FF hex Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0100 hex - 019F hex EEPROM 0700 hex - 1EFF hex User EPROM 1FF0 hex - 1FFF hex User vectors (EPROM) When erasing EEPROM and EPROM is not blank, there can be message : 'DEVICE NOT BLANK'. This is because both arrays are blank checked after erase. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705MC4 ---------- Blank state of EPROM byte: FF hex Blank state of MOR byte : 00 hex The checksum is calculated from the whole memory space (0000 hex - 0FFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 0100 hex - 0EFF hex EPROM (programmable) 0F00 hex MOR (programmable) 0FF0 hex - 0FFF hex User Vectors (programmable) A special care has to be given to the MOR location at address 0F00 hex. It is an EPROM byte and it can be erased on UV erasable parts. Only bit #0 (COPE bit, watchdog) is used. The blank state of MOR is 00 hex. The programmed MOR has value 01 hex. Ask the design engineer if the COPE bit should be programmed. Before programming parts, check location 0F00 hex in the Programmer's User RAM if this location has the right value in it. After downloading a master device into the Programmer's User RAM, use VERIFY DEVICE with a two pass verify option enabled. The content of the Programmer's User RAM will be compared to the master device at low Vcc and then at at high Vcc. If there are no errors, proceed with programming. It is recommended to check the MOR location (0F00 hex) if it has the correct value. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable a two pass verify when programming. NOTE: Some noisy devices may require a bypass capacitor on Vpp pin. These noisy devices usually cause an overcurrent error when programmed without the bypass capacitor. Also capacitors on Vcc and ground pins may help. On SOIC package: Vpp = pin #10, GND = pin #6, Vcc pin #4. ************************************************************************ 68HC705P3 ---------- Blank state of EEPROM byte: FF hex Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0100 hex - 017F hex EEPROM 0300 hex - 0EFF hex User EPROM 0FF0 hex - 0FFF hex User vectors (EPROM) When erasing EEPROM and EPROM is not blank, there can be message : 'DEVICE NOT BLANK'. This is because both arrays are blank checked after erase. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705P6A ---------- The microcontroller has security bit programming capability. See note #1. Blank state of the EPROM byte: 00 hex The checksum is calculated from the whole memory space (0000 hex - 1FFF hex). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 hex locations with 00h and then load your master device or download the data file. The device memory map corresponds directly to the User's RAM. Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex User EPROM 0100 hex - 12FF hex User EPROM main array 1EFF hex MOR1 register 1F00 hex MOR2 register (see Note #1) 1FF0 hex - 1FFF hex users vectors (EPROM cells) The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE #1: Bit #7 in the MOR2 register is a security bit and it is not verified. The security bit data in MOR2 from your datafile is ignored by the programmer. To secure the device (to program the security bit in MOR2), enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the MOR2 register is programmed and the part is secured. Reading the secured part results in reading 00, 01, 02, 03, 04, 05, ..., FF hex pattern from the device. NOTE #2: Always enable at least one pass verify when programming. ************************************************************************ 68HC708XL36 ----------- Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) 6E00 hex - FDFF hex User EPROM FFDE hex - FFFF hex User vectors (EPROM) Check Programmer's User RAM if your data is placed correctly. No block limits allowed. Do not try partial operations. The checksum is calculated from the User EPROM and the User vectors only. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC708MP16 ----------- Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) BE00 hex - FDFF hex User EPROM FFD2 hex - FFFF hex User vectors (EPROM) The checksum is calculated from the User EPROM and the User vectors only. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM differnt than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC708MP16 ----------- Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) BE00 hex - FDFF hex User EPROM FFD2 hex - FFFF hex User vectors (EPROM) The checksum is calculated from the User EPROM and the User vectors only. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM differnt than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC708AS20 / 68HC08AS20 ------------------------ 68HC08AS20 is a mask version of 68HC708AS20 Blank state of EEPROM byte : FF hex Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) 0800 hex - 09FF hex ** EEPROM (EEPROM cell) AE00 hex - FDFF hex EPROM (EPROM cels) FE1C hex ** EENVR (EEPROM cell) FFDC hex - FFFF hex User vectors (EPROM cels) 68HC08AS20 is a mask version of 68HC708AS20. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels marked with **. The EENVR register blank state is FF hex. On most devices it can not be programmed to 00 hex, only to 70 hex. The reason is that bits #4, #5, and #6 are reserved. Bits #4, #5, and #6 are not verified during the verify pass, but they are added to the final checksum. The checksum is calculated from the EEPROM, the User EPROM, EENVR, and the User vectors only. In the case of 68HC08AS20, only EEPROM and EENVR are added to the checksum Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM differnt than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC708AS48 / 68HC08AS48 ------------------------ 68HC08AS48 is a mask version of 68HC708AS48 Blank state of EEPROM byte : FF hex Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) 0800 hex - 0A7F hex ** EEPROM (EEPROM cell) 3E00 hex - FDFF hex EPROM (EPROM cels) FE1C hex ** EENVR (EEPROM cell) FFDC hex - FFFF hex User vectors (EPROM cels) Sometimes EPROM locations from 3E00 hex to 3EFF hex are programmed with a test pattern by the manufacturer. This can cause a misverify. 68HC08AS48 is a mask version of 68HC708AS48. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels marked with **. The EENVR register blank state is FF hex. On most devices it can not be programmed to 00 hex, only to 70 hex. The reason is that bits #4, #5, and #6 are reserved. Bits #4, #5, and #6 are not verified during the verify pass, but they are added to the final checksum. The checksum is calculated from the EEPROM, the User EPROM, EENVR, and the User vectors only. In the case of 68HC08AS20, only EEPROM and EENVR are added to the checksum Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM differnt than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC708LN56 ----------- Blank state of EPROM byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device) 1E00 hex - FDFF hex EPROM FFD8 hex - FFFF hex User vectors The checksum is calculated from the EPROM and the User vectors only. On the current mask the security is not implemented. On the future mask the security feature may be enabled. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Security: Locations 0000 hex to 0007 hex in the Programmer's User RAM must contain your security code. The security code must be the same as the code you programmed to the device at locations FFF6h to FFFDh. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM differnt than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. NOTE: Some older mask devices do not have security feature implemented. ************************************************************************ 68HC908AT60FU (64 pin QFP) 68HC908AT60FN (52 pin PLCC) -------------------------------------------------------- Originally, the 64 pin QFP device was manufactured in a "Short Lead" version called a "Factory Specific Package". Now Motorola switched to the true JEDEC package called previously "Long Lead" package. This "Long Lead" package is now the official package for all new deliveries of 68HC908AT60FU devices. The "Short Lead" version of the device needs PPI-0543 adapter. The "Long Lead" version of the device needs PPI-0503 adapter. For more information, please, contact your local Motorola representatives. Blank state of EEPROM byte : FF hex Blank state of FLASH byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 1. 52 pin PLCC package: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 0450 hex - 05FF hex FLASH-2 array 0600 hex - 07FF hex EEPROM-2 array 0800 hex - 09FF hex EEPROM-1 array 0E00 hex - 7FFF hex FLASH-2 array 8000 hex - FDFF hex FLASH-1 array FE18 hex ** EENVR2 register (EEPROM-2 cell) FE1C hex ** EENVR1 register (EEPROM-1 cell) FF80 hex ** FLBPR1 register (FLASH-1 cell) FF81 hex ** FLBPR2 register (FLASH-2 cell) FFDA hex - FFFF hex User vectors (FLASH-1 cels) 2. 64 pin QFP package: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 0450 hex - 04FF hex FLASH-2 array 0580 hex - 05FF hex FLASH-2 array 0600 hex - 07FF hex EEPROM-2 array 0800 hex - 09FF hex EEPROM-1 array 0E00 hex - 7FFF hex FLASH-2 array 8000 hex - FDFF hex FLASH-1 array FE18 hex ** EENVR2 register (EEPROM-2 cell) FE1C hex ** EENVR1 register (EEPROM-1 cell) FF80 hex ** FLBPR1 register (FLASH-1 cell) FF81 hex ** FLBPR2 register (FLASH-2 cell) FFCC hex - FFFF hex User vectors (FLASH-1 cells) After downloading the data file, check the User's RAM locations marked as ** if they contain the right values. Some data files have missing values for these locations. Some devices shipped from the manufacturer do not have EENVR1 and EENVR2 registers erased to FF hex. In this case, prior the programming the device, enable "Erase EE Device" option in the Program Memory Device Options screen. Always check EENVR1 and EENVR2 locations in User's RAM if they contain the desired data. Be careful with registers EENVR1 (at address FE1C hex) and EENVR2 (at address FE18 hex). Bit #4 in these registers are security bits. Programming them to '0' prevents program/erase access to memory locations $08F0 hex to $08FF hex. Programming the security bits has also the following effects: * Bulk and block erase are disabled * Programming and erasing EENVR registers is disabled. * Only unsecured locations at $0800 hex to $08EF hex can be erased by using single byte erase. Programming bit #7 in EENVR1 register or in EENVR2 to '1' places the EEPROM array associated with these register in a redundant mode. Be sure that this bit is '0'. Make sure that data in User's RAM locations 0600 hex to 06FF hex equals data in User's RAM locations 0700 hex to 07FF in the case of EEPROM-2 array used in redundant mode. When EEPROM-1 is used in redundant mode make locations 0800 hex to 08FF hex equals data in locations 0900 hex to 09FF In order to keep EEPROM/FLASH locations blank (unprogrammed), be sure that your datafile contains the right blank values in these locations. These locations in the Programmer's can be modified manually. Be careful with EENVR1, EENVR2, FLBPR1 and FLBPR2 registers. The checksum is calculated from locations mentioned in tables above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908AS60FU (64 pin QFP) -------------------------- 68HC908AS60FN (52 pin PLCC) -------------------------- 68HC908AS60AFN (52 pin PLCC) -------------------------- Blank state of EEPROM byte : FF hex Blank state of EENVR byte : FF hex (from the factory : 70 hex) Blank state of FLASH byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 0450 hex - 05FF hex FLASH-2 array 0600 hex - 07FF hex EEPROM-2 array 0800 hex - 09FF hex EEPROM-1 array 0E00 hex - 7FFF hex FLASH-2 array 8000 hex - FDFF hex FLASH-1 array FE18 hex ** EENVR2 register (EEPROM-2 cell) FE1C hex ** EENVR1 register (EEPROM-1 cell) FF80 hex ** FLBPR1 register (FLASH-1 cell) FF81 hex ** FLBPR2 register (FLASH-2 cell) FFDA hex - FFFF hex User vectors (FLASH-1 cels) After downloading the data file, check the User's RAM locations marked as ** if they contain the right values. Some data files have missing values for these locations. Some devices shipped from the manufacturer do not have EENVR1 and EENVR2 registers erased to FF hex. Be careful with registers EENVR1 (at address FE1C hex) and EENVR2 (at address FE18 hex). Bit #4 in these registers are security bits. Programming them to '0' prevents program/erase access to memory locations $08F0 hex to $08FF hex. Programming the security bits has also the following effects: * Bulk and block erase are disabled * Programming and erasing EENVR registers is disabled. * Only unsecured locations at $0800 hex to $08EF hex can be erased by using single byte erase. Programming bit #7 in EENVR1 register or in EENVR2 to '1' places the EEPROM array associated with these register in a redundant mode. Be sure that this bit is '0'. Make sure that data in User's RAM locations 0600 hex to 06FF hex equals data in User's RAM locations 0700 hex to 07FF in the case of EEPROM-2 array used in redundant mode. When EEPROM-1 is used in redundant mode make locations 0800 hex to 08FF hex equals data in locations 0900 hex to 09FF In order to keep EEPROM/FLASH locations blank (unprogrammed), be sure that your datafile contains the right blank values in these locations. These locations in the Programmer's can be modified manually. Be careful with EENVR1, EENVR2, FLBPR1 and FLBPR2 registers. The checksum is calculated from locations mentioned in tables above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908AZ60FU (FU means 64 pin QFP package) ------------------------------------------ Originally, the 64 pin QFP device was manufactured in a "Short Lead" version called a "Factory Specific Package". Now Motorola switched to the true JEDEC package called previously "Long Lead" package. This "Long Lead" package is now the official package for all new deliveries of 68HC908AZ60FU devices. The "Short Lead" version of the device needs PPI-0543 adapter. The "Long Lead" version of the device needs PPI-0503 adapter. For more information, please, contact your local Motorola representatives. When using a device with mask 3H62A, select algorithm: HC908AZ60FU-3H62 The device with mask 3H62A does not have security feature enabled. For the device with mask 8H62A or newer, select algorithm: HC908AZ60FU-8H62 The device with mask 8H62A has the security feature enabled. For the device with mask 2J74Y or newer, select algorithm: HC908AZ60FU-2J74Y Monitor mode on the new 2J74Y mask revision differs in baud rate. The production quality devices are marked as XC68HC908AZ60FU. Devices marked as PC68HC908AZ60FU may experience some problems. For more information, please, contact your local Motorola representatives. Blank state of EEPROM byte : FF hex Blank state of EENVR byte : FF hex (from the factory : 70 hex) Blank state of FLASH byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 0450 hex - 04FF hex FLASH-2 array 0580 hex - 05FF hex FLASH-2 array 0600 hex - 07FF hex EEPROM-2 array 0800 hex - 09FF hex EEPROM-1 array 0E00 hex - 7FFF hex FLASH-2 array 8000 hex - FDFF hex FLASH-1 array FE18 hex ** EENVR2 register (EEPROM-2 cell) FE1C hex ** EENVR1 register (EEPROM-1 cell) FF80 hex ** FLBPR1 register (FLASH-1 cell) FF81 hex ** FLBPR2 register (FLASH-2 cell) FFCC hex - FFFF hex User vectors (FLASH-1 cells) After downloading the data file, check the User's RAM locations marked as ** if they contain the right values. Some data files have missing values for these locations. Some devices shipped from the manufacturer do not have EENVR1 and EENVR2 registers erased to FF hex. In this case, prior the programming the device, enable "Erase EE Device" option in the Program Memory Device Options screen. Always check EENVR1 and EENVR2 locations in User's RAM if they contain the desired data. Be careful with registers EENVR1 (at address FE1C hex) and EENVR2 (at address FE18 hex). Bit #4 in these registers are security bits. Programming them to '0' prevents program/erase access to memory locations $08F0 hex to $08FF hex. Programming the security bits has also the following effects: * Bulk and block erase are disabled * Programming and erasing EENVR registers is disabled. * Only unsecured locations at $0800 hex to $08EF hex can be erased by using single byte erase. Programming bit #7 in EENVR1 register or in EENVR2 to '1' places the EEPROM array associated with these register in a redundant mode. Be sure that this bit is '0'. Make sure that data in User's RAM locations 0600 hex to 06FF hex equals data in User's RAM locations 0700 hex to 07FF in the case of EEPROM-2 array used in redundant mode. When EEPROM-1 is used in redundant mode make locations 0800 hex to 08FF hex equals data in locations 0900 hex to 09FF In order to keep EEPROM/FLASH locations blank (unprogrammed), be sure that your datafile contains the right blank values in these locations. These locations in the Programmer's can be modified manually. The checksum is calculated from locations mentioned in tables above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write 00h into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than 00h. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908GP32FU ------------- 68HC908GP32CFB ------------- 68HC908GP32CP ------------- Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 8000 hex - FDFF hex FLASH array FF7E hex FLBPR register (FLASH cell) FFDC hex - FFFF hex User vectors (FLASH cells) The checksum is calculated from locations mentioned in table above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight FFh bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The device can be bulk erased in the case that the user forgot the security code. All locations will be erased to FFh and the new security code will change to eight FFh (blank device security code). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908MR24 ------------- Blank state of FLASH byte : 00 hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) A000 hex - FDFF hex FLASH array FF80 hex FLBPR register (FLASH cell) FFD2 hex - FFFF hex User vectors (FLASH cells) The checksum is calculated from locations mentioned in table above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight 00h bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The device can be bulk erased in the case that the user forgot the security code. All locations will be erased to 00h and the new security code will change to eight 00h (blank device security code). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908MR32FU --------------- 68HC908MR16FU --------------- Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) NOTE: Main array size is the only specific difference between devices 8000 hex - FDFF hex FLASH array for 68HC908MR32 8000 hex - BEFF hex FLASH array for 68HC908MR16 FF7E hex FLBPR register (FLASH cell) FFD2 hex - FFFF hex User vectors (FLASH cells) The checksum is calculated from locations mentioned in table above; please note the exception of the security bytes. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight FFh bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The device can be bulk erased in the case that the user forgot the security code. All locations will be erased to FFh and the new security code will change to eight FFh (blank device security code). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711P2 ---------- Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D00 hex - 0FFF hex EEPROM 8000 hex - FFFF hex EPROM (not on 68HC11P2) A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. Not all bits in the configuration register are programmable. Bit #5 and #6 are always '1' and can not be programmed to 0. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #5 and #6 can result in verify error. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11P2 is a mask version of 68HC711P2. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711KA4 ---------- Blank state of the byte: FF hex (both EPROM and EEPROM) Data in the Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM A000 hex - FFFF hex EPROM (not on 68HC11KA4) A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to '0'. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11KA4 is a mask version of 68HC711KA4. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711KA8 ---------- Blank state of the byte: FF hex (both EPROM and EEPROM) Data in the Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM 4000 hex - FFFF hex EPROM A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to '0'. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711KS8 ---------- Blank state of the byte: FF hex (both EPROM and EEPROM) Data in the Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM 4000 hex - FFFF hex EPROM A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to '0'. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711KA2 ---------- Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM 8000 hex - FFFF hex EPROM (not on 68HC11KA4) A special care has to be given to the configuration register at address 003F hex.. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to 0. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11KA2 is a mask version of 68HC711KA2. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711K4 ---------- Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM A000 hex - FFFF hex EPROM (not on 68HC11K4) A special care has to be given to the configuration register at address 003F hex. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON Always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to 0. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11K4 is a mask version of 68HC711K4. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC11K1 ---------- Blank state of EEPROM byte: FF hex Data in Programmer's User RAM is partitioned as follow: 003F hex config. register (EEPROM cell) 0D80 hex - 0FFF hex EEPROM A special care has to be given to the configuration register at address 003F hex. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- ROMAD 1 CLKX PAREN NOSEC NOCOP ROMON EEON Always 1 or 0 usually 1 Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 003F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #3 and #6 can result in verify error. Bit #6 is always '1' and can not be programmed to 0. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11K1 is a downgraded version of 68HC11K4. The difference is that 68HC11K1 has useless data in the ROM. Consider to program the bit #1 (ROMON) in the configuration register at address 003F hex to '0' in order to disable the ROM. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711L6 / 68HC11L6 / 68HC11L1 ------------------------------- 68HC11L6 and 68HC11L1 are mask versions of the device Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 103F hex config. register (EEPROM cell) B600 hex - B7FF hex EEPROM C000 hex - FFFF hex EPROM (not on 68HC11L6 and HC11L1) A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- 0 0 0 0 NOSEC NOCOP ROMON EEON |---- not implemented ---| Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 103F hex. The attempt to program bits #3 to #7 can result in verify error. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. 68HC11L6 is a mask version of 68HC711L6. The EPROM is replaced with ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. 68HC11L1 is a downgraded version of 68HC11L6. The difference is that 68HC11L1 has useless data in the ROM. Consider to program the bit #1 (ROMON) in the configuration register at address 103F hex to '0' in order to disable the ROM. The algorithm for this device reads/verifies/programs only EEPROM cels. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711E9 / 68HC711EA9 / 68HC711E1 ---------------------------------- Blank state of byte: FF hex (both EPROM and EEPROM) Blank state of the configuration byte at 103F hex is 0F hex. Data in the Programmer's User RAM is partitioned as follow: 103F hex config. register (EEPROM cell) B600 hex - B7FF hex EEPROM D000 hex - FFFF hex EPROM The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. Not all bits in the configuration register are programmable. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- 0 0 0 0 1 NOCOP ROMON EEON always always always always always <---- programable ----> <----- erasable ------> You can program into configuration register values in the range 08 hex to 0F hex. IF ROMON = '0' then the EPROM is removed from the microcontroller's memory map. IF EEON = '0' then the EEPROM is removed from the microcontroller's memory map. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! During the load the data in Programmer's User RAM is unchanged! In order to reprogram the non blank configuration byte at 103F hex, first erase the EEPROM. Erasing the EEPROM array erases also the configuration register. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! But the final checksum includes the bytes of EEPROM block in the Programmer's User RAM. If the EEPROM is enabled (EEON = '1') and the user wants to keep EEPROM blank, fill EEPROM locations in the Programmer's User RAM with FF hex. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The checksum is calculated by adding bytes from address 0000 hex to FFFF hex in the Programmer's User RAM. Starting software version 4.9 (Unisite) and 2.7 (3900, Autosite), the checksum is calculated as follow: Checksum = config. register + EEPROM bytes + EPROM bytes Filling the Programmer's User RAM with 00 hex prior the loading the device or the downloading the data file will help you to check if the data is correctly located after loading the device or downloading the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68S711E9 -------- Blank state of byte: FF hex (both EPROM and EEPROM) Blank state of the configuration byte at 103F hex is 0F hex. Data in the Programmer's User RAM is partitioned as follow: 103F hex config. register (EEPROM cell) B600 hex - B7FF hex EEPROM D000 hex - FFFF hex EPROM The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. Not all bits in the configuration register are programmable. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- 0 0 0 0 1 NOCOP ROMON EEON always always always always NOSEC <---- programable ----> <----- erasable ------> You can program into configuration register values in the range 08 hex to 0F hex. Bit #3 (NOSEC) protects the contents of EEPROM/EPROM from unauthorized acces. The bit #3 data from your datafile or your master device is ignored by the programmer. If bit #3 is '0' in your data file and 'Verify passes' is set to 1 or 2, a verify error occures at location 103F hex. In this case change bit #3 to '1'. This feature gives you some warning that the security bit of the byte at location 103F hex in your data file is ignored. To secure the device, enable the Security Option in the Program Memory Device Options screen( Program security fuse = Y). If the Security Option is enabled, the security bit in the CONFIG register (at address 103F hex) is programmed to '0' and the part is secured. Any operation (even verify)on the secured part can cause that EEPRON is erased or partially erased! The device will not be reusable if the EPROM is not blank! IF EEON = '0' then the EEPROM is removed from the microcontroller's memory map. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! During the load the data in Programmer's User RAM is unchanged! In order to reprogram the non blank configuration byte at 103F hex, first erase the EEPROM. Erasing the EEPROM array erases also the configuration register. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! But the final checksum includes the bytes of EEPROM block in the Programmer's User RAM. If the EEPROM is enabled (EEON = '1') and the user wants to keep EEPROM blank, fill EEPROM locations in the Programmer's User RAM with FF hex. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The checksum is calculated by adding bytes from address 0000 hex to FFFF hex in the Programmer's User RAM. Starting software version 5.9, the checksum is calculated as follow: Checksum = config. register + EEPROM bytes + EPROM bytes Filling the Programmer's User RAM with 00 hex prior the loading the device or the downloading the data file will help you to check if the data is correctly located after loading the device or downloading the data file. NOTE: Always enable at least one pass verify when programming. If you do not see the 'Verify passes' on your screen, press F4 key. To verify if the security feature works: Take a blank device, load the device into the Programmer's User RAM. Go to location B600 hex (EEPROM) and modify several bytes. Do not touch locations D000 hex to FFFF hex (EPROM). These locations should stay FF hex. Enable 'Program security fuse' in the 'Program Memory Device' screen. Set 'Verify passes' to 1 or 2. Program the device. Select 'Verify Memory Device' screen. Verify the device. First you should see a misverify error at 103F hex : Device Address RAM Data Device Data -------------- -------- ----------- 0000103F 0F F7 Device data equal to F7 hex (1111 0111 bin) means that the device is secured. Hit the return key. You will get a message: 'NOT INITIALIZED CORRECTLY - (SECURED OR BAD DEVICE)' Hit the return key again. You should see misverify errors at addresses you modified previously. All device data fields should be FF hex (blank state.) At this point the EEPROM and the CONFIG registers are erased and the device can be reused. ************************************************************************ 68HC011E9 / 68HC011E1 --------------------- The device is a mask version of 68HC711E9 (68HC711E1), therefore only configuretion register and EEPOM are loaded, verified and programed. Blank state of byte: FF hex Blank state of the configuration byte at 103F hex is 0F hex. Data in the Programmer's User RAM is partitioned as follow: 103F hex config. register (EEPROM cell) B600 hex - B7FF hex EEPROM The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. Not all bits in the configuration register are programmable. bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- 0 0 0 0 1 NOCOP ROMON EEON always always always always always <---- programable ----> <----- erasable ------> You can program into configuration register values in the range 08 hex to 0F hex. IF ROMON = '0' then the EPROM is removed from the microcontroller's memory map (in this case mask EPROM). IF EEON = '0' then the EEPROM is removed from the microcontroller's memory map. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! During the load the data in Programmer's User RAM is unchanged! In order to reprogram the non blank configuration byte at 103F hex, first erase the EEPROM. Erasing the EEPROM array erases also the configuration register. If EEON bit in the configuration byte = '0' then the EEPROM is not loaded, verified or programmed! But the final checksum includes the bytes of EEPROM block in the Programmer's User RAM. If the EEPROM is enabled (EEON = '1') and the user wants to keep EEPROM blank, fill EEPROM locations in the Programmer's User RAM with FF hex. Starting software version 4.9 (Unisite) and 2.7 (3900, Autosite), the checksum is calculated as follow: Checksum = config. register + EPROM bytes Filling the Programmer's User RAM with 00 hex prior the loading the device or the downloading the data file will help you to check if the data is correctly located after loading the device or downloading the data file. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC916Y1 --------- The device is a microcontroller with flash memory. Blank state of byte/word: FFFF hex The User's RAM (in the programer) does not corresponds directly to the device memory map (reason : the main array is reallocable). Change your datafile accordingly (or move data in the user's RAM. Data in Programmer's User RAM is partitioned as follow: Main array in user's RAM Main array in the device ------------------------------ ------------------------ 0000 hex - 5FFF hex (in words!) 0000 hex - BFFF hex (in bytes) Shadow registers in the user's RAM are positioned as follow: Register Adr. in user's RAM Adr. in the device Blank state -------- ------------------ ------------------ ----------- FEEMCR 6000 hex F820 hex 9BC0h FEETST 6001 hex F822 hex 0000h * FEEBAH 6002 hex F824 hex 00FFh FEEBAL 6003 hex F826 hex 0000h * FEECTL 6004 hex F828 hex 0000h * UNUSED 6005 hex F82A hex 0000h * UNUSED 6006 hex F82C hex 0000h * UNUSED 6007 hex F82E hex 0000h * FEEBS0 6008 hex F830 hex FFFFh FEEBS1 6009 hex F832 hex FFFFh FEEBS2 600A hex F834 hex FFFFh FEEBS3 600B hex F836 hex FFFFh UNUSED 600C hex F838 hex 0000h * UNUSED 600D hex F83A hex 0000h * UNUSED 600E hex F83C hex 0000h * UNUSED 600F hex F83E hex 0000h * Note: registers marked with '*' are not programmable. Sometimes the device is loose in the socket and incorrect read can be experienced (notisable on blank devices. Try to move the device in the socket. In severe cases the message 'NOT INITIALIZED DURING POWER UP' is displayed. Look for shorted pins. the device can be bad. Also check for mechanical problems ( the device is too loose in the socket). Note: Power up the programmer with the adapter removed. If the adapter is inserted in PPI base, the programmer will not pass the self test. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705X16 / 68HC05X16 ---------------------- 68HC05X16 is a mask version of 68HC705X16 Blank state of EEPROM byte: FF hex Blank state of EPROM byte : 00 hex The device memory map corresponds directly to the User's RAM Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex page 0 EPROM 0100 hex - 011F hex non protected EEPROM 0120 hex - 01FF hex protected EEPROM 0300 hex - 3DFF hex EPROM or mask on HC05 3FF0 hex - 3FFF hex User's vectors (EPROM or mask on HC05) The byte at 3DFF is reserved. The first EEPROM address (100 hex) is OPTR. Be carefull with this byte! bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- unused unused unused unused unused unused EE1P SEC If bit #1 (EE1P) is programmed to '0', the second part of EEPROM (0120 hex to 01FF can not be erased or programmed, but can be read. To make this part of EEPROM available, erase the whole EEPROM (this erases also the OPTR at adr. 0100 hex. If the bit #0 (SEC) is programmed to '0' the part is secured. It can not be read, programmed or erased! Be careful with this bit. If the part is the one time programmable part (OTP), there is no way how to change incorrect data (on UV erasable parts, the exposure the device to a high density ultraviolet light (UV) erases the OPTR at adr. 0100 hex and the part is unsecured. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). There can be two algorithms available: a) for programming EEPROM and EPROM b) for programming EPROM only Algorithm for 68HC05X16 (mask version of 68HC705X16) reads, verifies or programs EEPROM only. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705B16 / 68HC705B16N ------------------------ Blank state of EEPROM byte: FF hex Blank state of EPROM byte : 00 hex The device memory map corresponds directly to the User's RAM Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex page 0 EPROM 0100 hex - 011F hex non protected EEPROM 0120 hex - 01FF hex protected EEPROM 0300 hex - 3DFF hex EPROM or mask on HC05 3FF2 hex - 3FFF hex User's vectors (EPROM or mask on HC05) The bytes at 3DFE hex and 3DFF hex are reserved. The bytes at 3FF0 hex and 3FF1 hex are reserved. The reserved locations 3DFE hex, 3DFF hex, 3FF0 hex and 3FF1 hex can be programmed. Check the 68HC705B16 User's manual for more details about those locations. The first EEPROM address (100 hex) is OPTR. Be carefull with this byte! bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- unused unused unused unused unused unused EE1P SEC If bit #1 (EE1P) is programmed to '0', the second part of EEPROM (0120 hex to 01FF can not be erased or programmed, but can be read. To make this part of EEPROM available, erase the whole EEPROM (this erases also the OPTR at adr. 0100 hex. If the bit #0 (SEC) is programmed to '0' the part is secured. It can not be read, programmed or erased! Be careful with this bit. If the part is the one time programmable part (OTP), there is no way how to change incorrect data (on UV erasable parts, the exposure the device to a high density ultraviolet light (UV) erases the OPTR at adr. 0100 hex and the part is unsecured. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). There can be two algorithms available: a) for programming EEPROM and EPROM b) for programming EPROM only Algorithm for 68HC05B16 (mask version of 68HC705B16) reads, verifies or programs EEPROM only. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC05B16 (mask version of 68HC705B16) -------------------------------------- Blank state of EEPROM byte: FF hex The device memory map corresponds directly to the User's RAM Data in Programmer's User RAM is partitioned as follow: 0100 hex - 011F hex non protected EEPROM 0120 hex - 01FF hex protected EEPROM The first EEPROM address (100 hex) is OPTR. Be carefull with this byte! bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- unused unused unused unused unused unused EE1P SEC If bit #1 (EE1P) is programmed to '0', the second part of EEPROM (0120 hex to 01FF can not be erased or programmed, but can be read. To make this part of EEPROM available, erase the whole EEPROM (this erases also the OPTR at adr. 0100 hex. If the bit #0 (SEC) is programmed to '0' the part is secured. It can not be read, programmed or erased! Be careful with this bit. If the part is the one time programmable part (OTP), there is no way how to change incorrect data (on UV erasable parts, the exposure the device to a high density ultraviolet light (UV) erases the OPTR at adr. 0100 hex and the part is unsecured. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705X32 / 68HC705B32 / 68HC705BP32 ------------------------------------- and 68HC05X32 / 68HC05B32 / 68HC05BP32 (mask versions) -------------------------------------------------- Blank state of EEPROM byte: FF hex Blank state of EPROM byte : 00 hex The device memory map corresponds directly to the User's RAM Data in Programmer's User RAM is partitioned as follow: 0020 hex - 004F hex page 0 EPROM (not on 705X32/B32) 0100 hex - 011F hex non protected EEPROM 0120 hex - 01FF hex protected EEPROM 0400 hex - 7DFF hex EPROM or mask on HC05 7FDE hex MOR register (EPROM cell or mask on HC05) 7FDF hex reserved (not read or programmed) 7FF0 hex - 7FFF hex User's vectors (EPROM or mask on HC05) The first EEPROM address (100 hex) is OPTR. Be carefull with this byte! bit 7 bit 6 bit5 bit4 bit 3 bit 2 bit1 bit0 ---------------------------------------------------------------- unused unused unused unused unused unused EE1P SEC If bit #1 (EE1P) is programmed to '0', the second part of EEPROM (0120 hex to 01FF can not be erased or programmed, but can be read. To make this part of EEPROM available, erase the whole EEPROM (this erases also the OPTR at adr. 0100 hex. If the bit #0 (SEC) is programmed to '0' the part is secured. It can not be read, programmed or erased! Be careful with this bit. If the part is the one time programmable part (OTP), there is no way how to change incorrect data (on UV erasable parts, the exposure the device to a high density ultraviolet light (UV) erases the OPTR at adr. 0100 hex and the part is unsecured. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). There can be two algorithms available: a) for programming EEPROM and EPROM b) for programming EPROM only Algorithm for 68HC05X32/B32/BP32 (mask version of 68HC705X32/B32/BP32) reads, verifies or programs EEPROM only. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711E20 ---------- Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 103Fh --- conf. reg. 9000h - AFFFh --- 1. EPROM B600h - B7FFh --- EEPROM D000h - FFFFh --- 2. EPROM A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- 0 0 0 0 NOSEC NOCOP 1 EEON always always always always usually 1 always Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 103F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #1,#3,#4,#5,#6 and #7 can result in verify error. Bit #1 is always '1' and can not be programmed to 0. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM from unauthorized acces. The bit #3 data from your datafile or your master device is ignored by the programmer. To secure the device, enable the Security Option in the Program Memory Device Options screen. If the Security Option is enabled, the security bit in the CONFIG register (at address 103F hex) is programmed to '0' and the part is secured. Any operation (even verify)on the secured part can cause that EEPRON is erased or partially erased. Bit #0 (EEON) is EEPROM Enable bit. If set to '0', the EEPROM is removed from the memory map. The Data I/O programmer does not load, verify or program the EEPROM if EEON bit is set to '0'. The programer skips all EEPROM adresses (in Programmer's User's RAM the EEPROM the EEPROM addresses are untouched - will contain data from previous loads). The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: An attempt to erase EEPROM if EPROM is not blank can result in error message: OPERATION FAILED: Non-blank device. In that case, disable BLANK CHECK in PROGRAM MEMORY DEVICE screen. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC711E32 / 68HC711ER32 ------------------------ Blank state of byte: FF hex (both EPROM and EEPROM) Data in Programmer's User RAM is partitioned as follow: 103Fh --- conf. reg. (EEPROM cell) 7000h - AFFFh --- 1. EPROM B600h - B7FFh --- EEPROM (not present on 68HC711ER32) C000h - FFFFh --- 2. EPROM A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and it can be erased (use bulk erase). bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- 0 0 0 0 NOSEC NOCOP 1 EEON always always always always usually 1 always Not all bits in the configuration register are programmable. To determine the blank state of the config. reg., load the blank device and look at location 103F hex. Then change the value of the config. byte in your datafile accordingly. The attempt to program bits #1,#3,#4,#5,#6 and #7 can result in verify error. Bit #1 is always '1' and can not be programmed to 0. The value of bit #3 on blank devices can be different on windowed parts and on one time programmable parts (OTPs). Bit #3 (NOSEC) protects the contents of EEPROM and EPROM from unauthorized acces. A mask option determines whether the security feature is available or not. If the security feature is available, then bit #3 can be set to '0'. Othervise, the bit is set permanently to '1', disabling the security. Bit #0 (EEON) is EEPROM Enable bit. If set to '0', the EEPROM is removed from the memory map. The Data I/O programmer does not load, verify or program the EEPROM if EEON bit is set to '0'. The programer skips all EEPROM adresses (in Programmer's User's RAM the EEPROM the EEPROM addresses are untouched - will contain data from previous loads). NOTE: An attempt to erase EEPROM if EPROM is not blank can result in error message: OPERATION FAILED: Non-blank device. In that case, disable BLANK CHECK in PROGRAM MEMORY DEVICE screen. If CONFIG register is not blank the message is: 'CONFIGURATION BYTE NOT BLANK'. This byte can be bulk erased. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC11F1 -------- Blank state of byte: FF hex (EEPROM) The device memory map corresponds directly to the User's RAM The checksum is calculated from the whole memory space (0000 hex - FFFF hex.). To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. Data in Programmer's User RAM is partitioned as follow: 103Fh --- conf. reg. (EEPROM cell) FE00h - FFFFh --- EEPROM A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and it can be erased (use bulk erase). bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- EE3 EE2 EE1 EE0 1 NOCOP 1 EEON always always Bits EE3-EE0 determine the EEPROM map position. EEPROM is located at xE00 hex to xFFF hex where 'x' is a hexadecimal value represented by those four bits. In single-chip and bootstrap modes, EEPROM is forced to FE00 hex to FFFF hex, regardles of the state of EE3-EE0 bits. Most users use config. reg. value: FF hex - if COP is disabled FB hex - if COP is enabled Not all bits in the configuration register are programmable. Bit #1 and #3 are not implemented and always read '1'. In the Bootstrap mode (in this mode the device is programmed) only bit #2 (NOCOP) is readable, and only that bit is verified. That means that the customer can see only FF hex or FB hex values when the device is read. To determine the blank state of the config. reg., load the blank device and look at location 103F hex. Then change the value of the config. byte in your datafile accordingly. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705J1A / 68HR705J1A ----------------------- Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0300 hex - 07CF hex EPROM (1232 bytes) 07F1 hex MOR register (EPROM cell) 07F2 hex - 07FF hex EPROM cells Note: User Vectors are at 07F8 hex - 07FF hex. A special care has to be given to the MOR register at address 07F1 hex. It is an EPROM byte and it contains a security bit (bit #6). MOR values for unsecured devices MOR values for secured devices -------------------------------- ------------------------------ 00 hex to 3F hex 40 hex to 7F hex 80 hex to BF hex C0 hex to FF hex If the part has to be programmed with the security feature on, check the location 07F1 hex in the Programmer's User RAM and compare the value in it to the 'MOR values for secured devices'. Once the part is programmed with the bit #6 in the MOR register set, it is unreadable. A read operation results in reading all locations as 00 hex. This can be confused with a blank part. An attempt to program a secured part will result in a 'verify error'. The window on the device must be covered with an opaque label during any operation (if UV erasable part). On handlers (2500, 3500 and others) is recommended to use by pass capacitors (.1uf) between Vcc and ground, and Vpp and ground. The most important capacitors are between Vcc and ground. If you cannot obtain capacitors, or have difficulty implementing this, Capacitor Blocks can be special ordered from Data I/O. DIP/SOIC package Vcc and ground locations: Vcc : 9 ground: 10 NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705KJ1/68HRC705KJ1/68HLC705KJ1 ---------------------------------- The devices is similar to 705J1A. The 68HRC705KJ1 is a resistor-capacitor (RC) mask version of 68HC705KJ1. The 68HLC705KJ1 is a low frequency mask version of 68HC705KJ1. Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0300 hex - 07CF hex EPROM (1232 bytes) 07F1 hex MOR register (EPROM cell) 07F2 hex - 07FF hex EPROM cells A special care has to be given to the MOR register at address 07F1 hex. It is an EPROM byte and it contains a security bit. Bits in MOR register at address 07F1 hex.: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- SOSCD EPMSEC OSCRES SWAIT SWPDI PIRQ LEVEL COPEN Bit #5 in MOR (OSCRES) should be set to '0' in devices using low speed crystal or RC oscilator. Bit #0 in MOR register should be set to '1' for COP watch dog enabled and to '0' for COP watch dog disabled. For more information, please, contact your local Motorola representative. On handlers (2500, 3500 and others) is recommended to use by pass capacitors (.1uf) between Vcc and ground, and Vpp and ground. The most important capacitors are between Vcc and ground. If you cannot obtain capacitors, or have difficulty implementing this, Capacitor Blocks can be special ordered from Data I/O. DIP package Vcc and ground locations: Vcc : 6 ground: 7 Note: User Vectors are at 07F8 hex - 07FF hex. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705JB2 ---------- Blank state of EPROM byte : FF hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 01FF hex MOR register (EPROM cell) 1600 hex - 1DFF hex main EPROM 1FF0 hex - 1FFF hex user vectors EPROM Blank state of MOR byte is 1F hex. Unused bits in MOR register (bits #5 to #7) are not blank checked or verified. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705JB4 ---------- Blank state of EPROM byte : FF hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 007F hex MOR register (EPROM cell) 1000 hex - 1DFF hex main EPROM 1FF0 hex - 1FFF hex user vectors EPROM Blank state of MOR byte is 3F hex. Unused bits in MOR register (bits #5 to #7) are not blank checked. To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The checksum is calculated by adding bytes from address 0000 hex to FFFF hex in the Programmer's User RAM. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705RC16 ---------- Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0180 hex - 3FAF hex EPROM (EPROM cells) 3FF0 hex MOR1 register (EPROM cell) 3FF1 hex MOR2 register (EPROM cell) 3FF2 hex - 3FFF hex User Vectors (EPROM cells) A special care has to be given to the MOR1 register at address 3FF0 hex. It is an EPROM byte and it contains a security bit (bit #3). When this bit is programmed, the part is secured. The exception is the MOR1 register. By loading the device and checking the value of the MOR1 register in the Programmer's User RAM it can be determined whether the part is secured. Security bit will be programmed if lower nibble of the data byte in the Programmer's User RAM at address 3FF0 hex has value from 8 to F. Example: A9 hex = 1010 1001 binary lower nibble is 9; that means the part will be secured during programming. C7 hex = 1100 0111 binary lower nibble is 7; that means the part will not be secured during programming. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705J2 ---------- Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0700 hex - 0EFF hex EPROM 0F00 hex MOR register (EPROM cell) 0FF0 hex - 0FFF hex Users Vectors (EPROM cells) Bits in MOR register at address F00 hex.: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- unused unused unused unused unused J1 IRQ COP To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705J2 as 68HC705J1 ---------------------- Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0300 hex - 06FF hex EPROM 0700 hex MOR register (EPROM cell) 07F0 hex - 07FF hex Users Vectors (EPROM cells) To enable the 705J1 emulation mode, set bit J1 in MOR register to '1' (MOR is at adr. 700 hex in the Programmer's RAM). The data in the Programmer's RAM must be distributed as in the table above. Then program the device using 705J2(J1) algorithm. Bits in MOR register at address 700 hex.: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- unused unused unused unused unused J1 IRQ COP To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705V8 --------- Blank state of EPROM byte : 00 hex Blank state of EEPROM byte : FF hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0240 hex - 02BF hex EEPROM 0D00 hex - 3BFF hex EPROM 3C00 hex MOR register (EPROM cell) 3FF0 hex - 3FFF hex Users Vectors (EPROM cells) Bits in MOR register at address 3C00 hex.: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- unused REGEN VDDC MDLCPU LVR STOPEN IRQ COPEN '0' To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705X4 ---------- The current algorithm will work with newer mask versions (1F88B or higher ). The devices with the newer mask have a default 'divide by 10' in MOR register. If the old mask device is used with the algorithm HC705X4-1F88, an error 'NOT SYNCHRONIZED DURING POWER - (BAD DEVICE OR OLD MASK DEVICE)' will occure. Check the mask number on the device then. Blank state of EPROM byte : 00 hex The data in the Programmer's User RAM corresponds directly to the memory map of the microcontroller. Data in Programmer's User RAM is partitioned as follow: 0F00 hex - 1EFF hex Main EPROM (4096 bytes) 1F00 hex MOR register (EPROM cell) 1FF0 hex - 1FFF hex User Vectors (EPROM cells) Bits in MOR register at address 1F00 hex.: bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- unused unused unused unused DIV2 unused unused COP On the new masks: If the bit #3 (DIV2) = '0', then 'Select divide by 10' is used by the device. Unused bits should be '0'. That means that the value in MOR should be 00 hex, 08 hex, 01 hex or 09 hex. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC705K1 --------- Blank state of EPROM byte : 00 hex Data in the programmer's User Memory is partitioned as follows: RAM, UNUSED - 000 - 1FF hex fill with 00 hex MOR - 17 hex programmable USER EPROM - 200 - 3EF hex programmable TEST ROM, COP - 3F0 - 3F7 hex fill with 00 hex USER VECTORS - 3F8 - 3FF hex programmable PEPROM (personality) - 400 - 47F hex 64 bytes programmable ***************************************************************** * * * The PEPROM module resides in User's ram as follows : * * * * -> 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0E 0F * * | * * 400 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row0 * * 410 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row1 * * 420 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row2 * * 430 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row3 * * 440 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row4 * * 450 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row5 * * 460 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row6 * * 470 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row7 * * ^ | | * * | c0 c1 c2 c3 c4 c5 c6 c7 ----- unused ------ * * | * * | * * User's RAM adr. * * * * * * xx = value of the Person. EPROM bit (should be 00 or 01h). * * $01 corresponds to '1' and $00 corresponds to = '0'. * * 400 - 470 are addresses in the Programer User's RAM. * * Locations marked as 00 should be filled with 00 hex. * * * * For the corresponding addresses of the Person. EPROM bits see * * the table bellow. * * * * * * 00 08 10 18 20 28 30 38 row0 * * 01 09 11 19 21 29 31 39 row1 * * 02 0A 12 1A 22 2A 32 3A row2 * * 03 0B 13 1B 23 2B 33 3B row3 * * 04 0C 14 1C 24 2C 34 3C row4 * * 05 0D 15 1D 25 2D 35 3D row5 * * 06 0E 16 1E 26 2E 36 3E row6 * * 07 0F 17 1F 27 2F 37 3F row7 * * * * c0 c1 c2 c3 c4 c5 c6 c7 * * * ***************************************************************** The checksum is calculated over all 480 hex Memory locations! To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. The window on the device must be covered with an opaque label during any operation (if UV erasable part). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC05K1 -------- Blank state of EPROM byte : 00 hex Only PEPROM is programmable. Data in the programmer's User Memory is partitioned as follows: RAM, UNUSED - 000 - 1FF hex fill with 00 hex MOR - 17 hex mask-fill with 00 hex USER EPROM - 200 - 3EF hex fill with 00 hex TEST ROM, COP - 3F0 - 3F7 hex fill with 00 hex USER VECTORS - 3F8 - 3FF hex mask-fill with 00 hex PEPROM (personality) - 400 - 47F hex 64 bytes programmable ***************************************************************** * * * The PEPROM module resides in User's ram as follows : * * * * -> 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0E 0F * * | * * 400 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row0 * * 410 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row1 * * 420 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row2 * * 430 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row3 * * 440 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row4 * * 450 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row5 * * 460 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row6 * * 470 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row7 * * ^ | | * * | c0 c1 c2 c3 c4 c5 c6 c7 ----- unused ------ * * | * * | * * User's RAM adr. * * * * * * xx = value of the Person. EPROM bit (should be 00 or 01h). * * $01 corresponds to '1' and $00 corresponds to = '0'. * * 400 - 47F are addresses in the Programer User's RAM. * * Locations marked as 00 should be filled with 00 hex. * * * * For the corresponding addresses of the Person. EPROM bits see * * the table bellow. * * * * * * 00 08 10 18 20 28 30 38 row0 * * 01 09 11 19 21 29 31 39 row1 * * 02 0A 12 1A 22 2A 32 3A row2 * * 03 0B 13 1B 23 2B 33 3B row3 * * 04 0C 14 1C 24 2C 34 3C row4 * * 05 0D 15 1D 25 2D 35 3D row5 * * 06 0E 16 1E 26 2E 36 3E row6 * * 07 0F 17 1F 27 2F 37 3F row7 * * * * c0 c1 c2 c3 c4 c5 c6 c7 * * * ***************************************************************** The checksum is calculated over all 480 hex Memory locations! To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC805K3 --------- All blank devices from the manufacturer are secured. Blank state of EEPROM byte : 00 hex Blank state of MOR1 byte : 00 hex Blank state of MOR2 byte : %xxxxxx00 bin (usually 10 hex), secured device x means undefined Data in the programmer's User Memory is partitioned as follows: MOR1 - 0012 hex MOR2 - 0013 hex (security byte) USER EEPROM1 - 0020 - 00BF hex USER EEPROM2 - 0100 - 03EF hex USER VECTORS - 03F8 - 03FF hex PEEPROM (personality) - 0400 - 04FF hex To unsecure the device, select Electronic Erase under the Device Check Menu screen. Erasing the device causes that all data in the device is erased and security bit #0 and security bit #1 in MOR2 (at address 0013 hex) are programmed to '1'. Unsecured device has MOR2 value equal to %xxxxxx11 bin (usually 13 hex). Enable Erase EE Device option in Program Memory Device screen to unsecure the blank device automatically before the programming. Also enable at least one pass verify. When the secured device is read, only MOR1 and MOR2 registers are read and the warning message is displayed. No other locations in the Programmer's User RAM than MOR1 and MOR2 are modified. Secured device can not be verified. MOR2 register (bits #0 and #1 are security bits) is not verified or blank checked. To secure the device, enable the Security Option in the Program Memory Device Options screen by changing 'N' to 'Y'. If the Security Option is enabled, the security bits #0 and #1 in the MOR2 register are erased to '0' and verified. When those bits are erased, the part is secured. The MOR2 register data from your datafile or your master device is ignored by the programmer. *********************************************************************** * * * The PEEPROM module resides in User's ram as follows : * * * * -> 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0E 0F * * | * * 400 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 0 * * 410 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 1 * * 420 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 2 * * 430 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 3 * * 440 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 4 * * 450 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 5 * * 460 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 6 * * 470 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 7 * * 480 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 8 * * 490 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 9 * * 4A0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 10 * * 4B0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 12 * * 4C0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 13 * * 4D0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 14 * * 4E0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 15 * * 4F0 xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 row/byte 16 * * ^ | | * * | c0 c1 c2 c3 c4 c5 c6 c7 ----- unused ------ * * | * * | * * User's RAM adr. * * * * * * xx = value of the Person. EEPROM bit (should be 00 or 01h). * * $01 corresponds to '1' and $00 corresponds to = '0'. * * 400 - 4FF are addresses in the Programer User's RAM. * * Locations marked as 00 should be filled with 00 hex. * * * * For the corresponding addresses of the Person. EEPROM bits see * * the table bellow. * * * * * * 00 01 02 03 04 05 06 07 row/byte 0 * * 10 11 12 13 14 15 16 17 row/byte 1 * * 20 21 22 23 24 25 26 27 row/byte 2 * * 30 31 32 33 34 35 36 37 row/byte 3 * * 40 41 42 43 44 45 46 47 row/byte 4 * * 50 51 52 53 54 55 56 57 row/byte 5 * * 60 61 62 63 64 65 66 67 row/byte 6 * * 70 71 72 73 74 75 76 77 row/byte 7 * * 80 81 82 83 84 85 86 87 row/byte 8 * * 90 91 92 93 94 95 96 97 row/byte 9 * * A0 A1 A2 A3 A4 A5 A6 A7 row/byte 10 * * B0 B1 B2 B3 B4 B5 B6 B7 row/byte 11 * * C0 C1 C2 C3 C4 C5 C6 C7 row/byte 12 * * D0 D1 D2 D3 D4 D5 D6 D7 row/byte 13 * * E0 E1 E2 E3 E4 E5 E6 E7 row/byte 14 * * F0 F1 F2 F3 F4 F5 F6 F7 row/byte 15 * * * * c0 c1 c2 c3 c4 c5 c6 c7 * * ^ ^ * * | | * * | | * * bit #0 in byte bit #7 in byte * * * *********************************************************************** The checksum is calculated over all 500 hex Memory locations! To insure the integrity of the programmer's checksum, the unused locations in the Programmer's User RAM must be set to 00 hex prior loading the device or downloading the data file. Use the Fill Ram option under the More-Edit screen. Fill 10000 locations with 00h and then load your master device or download the data file. When using a data file instead of a master device to put your data in the Programmer's User RAM, check locations 400 - 4FF hex if Personality EEPROM bits are correctly positioned. You will need to modiify those locations by hand. Using a master device preferable method for placing your data in the Programmer's User RAM. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC11A1 ---------- Blank state of byte: FF hex Blank state of config. register: 0D hex (0F hex on some devices) Data in the Programmer's User RAM is partitioned as follow: 103F hex config. register (EEPROM cell) B600 hex - B7FF hex EEPROM A special care has to be given to the configuration register at address 103F hex. It is EEPROM byte and can be erased. bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1 bit 0 -------------------------------------------------------------------- 0 0 0 0 NOSEC NOCOP ROMON EEON always always always always usually 1 usually 0 ROMON bit = '0' means that the masked ROM is disabled EEON bit = '0' means that the EEPROM is disabled and takes no space in the memory map. Not all bits in the configuration register are programmable. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC912D60 ---------- Blank state of EEPROM byte : FF hex Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0C00 hex - 0FFF hex EEPROM array 1000 hex - 7FFF hex 28k flash main array 8000 hex - FFFF hex 32k flash main array/vectors Some devices from the manufacturer are not blank. Therefore, enable ERASE EE DEVICE in the PROGRAM MEMORY DEVICE screen. It is not necessary to enable BLANK CHECK during programming when ERASE EE DEVICE is enabled. There is a blank check routine inside the erase routine. Enabling the BLANK CHECK would consume more time in this case. Check with the design engineer if the data file matches the mapping table above. More convenient is to use a master device for transfering the data to the programmer. The checksum is calculated from locations mentioned in the table above. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC912DA128 ------------ 68HC912DG128A ------------ Blank state of EEPROM byte : FF hex Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 00800 hex - 00FFF hex EEPROM array 10000 hex - 13FFF hex page #0 of flash main array 14000 hex - 17FFF hex page #1 of flash main array 18000 hex - 1BFFF hex page #2 of flash main array 1C000 hex - 1FFFF hex page #3 of flash main array 20000 hex - 23FFF hex page #4 of flash main array 24000 hex - 27FFF hex page #5 of flash main array 28000 hex - 2BFFF hex page #6 of flash main array 2C000 hex - 2FFFF hex page #7 of flash main array Some devices from the manufacturer are shipped NOT blank. Therefore, enable the "Erase EE device" flag in the PROGRAM MEMORY DEVICE screen, or under the General tab on the programmer Properties Dialog box in TaskLink. It is not necessary to enable BLANK CHECK during programming when the "Erase EE device" flag is enabled. There is a blank check routine inside the erase routine, thus enabling the BLANK CHECK flag would make the programming operation consume more time then necessarily. Check with your design engineer to make sure the data file you are working with matches the device address mapping in the table above. Or use a master device to transfer your data to the programmers RAM. The checksum is calculated using the address locations shown in the table above. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC912B32 ---------- Blank state of EEPROM byte : FF hex Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0D00 hex - 0FFF hex EEPROM array 8000 hex - FFFF hex 32k flash main array/vectors Some devices from the manufacturer are not blank. Therefore, enable ERASE EE DEVICE in the PROGRAM MEMORY DEVICE screen. It is not necessary to enable BLANK CHECK during programming when ERASE EE DEVICE is enabled. There is a blank check routine inside the erase routine. Enabling the BLANK CHECK would consume more time in this case. Check with the design engineer if the data file matches the mapping table above. More convenient is to use a master device for transfering the data to the programmer. The checksum is calculated from locations mentioned in the table above. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908JK1 / 68HRC908JK1 ------------------------- Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) F600 hex - FBFF hex FLASH array FFD0 hex - FFFF hex User vectors (FLASH cells) The checksum is calculated from locations mentioned in table above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight FFh bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The device can be bulk erased in the case that the user forgot the security code. All locations will be erased to FFh and the new security code will change to eight FFh (blank device security code). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908JK3 / 68HRC908JK3 ------------------------ 68HC908JL3 / 68HRC908JL3 ------------------------ Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) EC00 hex - FBFF hex FLASH array FFD0 hex - FFFF hex User vectors (FLASH cells) The checksum is calculated from locations mentioned in table above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight FFh bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. The device can be bulk erased in the case that the user forgot the security code. All locations will be erased to FFh and the new security code will change to eight FFh (blank device security code). NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908AB32FU (64 pin QFP) --------------------------- Blank state of EEPROM byte : FF hex Blank state of EENVR byte : FF hex (from the factory : 10 hex) Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: 0000 hex - 0007 hex Eight security bytes (not programmed to the device, not read from the device, not added to checksum) 0800 hex - 09FF hex EEPROM array 8000 hex - FDFF hex FLASH array FE10 hex ** EEDIVHNVT register (EEPROM cell) FE11 hex ** EEDIVLNVT register (EEPROM cell) FE1C hex ** EENVR register (EEPROM cell) FF7E hex ** FLBPR register (FLASH cell) FFD0 hex - FFFF hex User vectors (FLASH cels) After downloading the data file, check the User's RAM locations marked as ** if they contain the right values. Some data files have missing values for these locations. Devices shipped from the manufacturer have EENVR register programmed to 10 hex. Be careful with the register EENVR (at address FE1C hex). Bit #4 (EEPRTCT)in this register is a protection bit. Programming it to '0' prevents program/erase access to memory locations $08F0 hex to $08FF hex. Programming this security bit has also the following effects: * Bulk and block erase are disabled * Programming and erasing EENVR registers is disabled. * Only unsecured locations at $0800 hex to $08EF hex can be erased by using single byte erase. EEDIVHNVT register uses bit #7 (EEDIVCECD bit)as a protection bit. When this bit is programmed to '0', registers EEDIVHNVT and EEDIVLNVT can not be erased. In order to keep EEPROM/FLASH locations blank (unprogrammed), be sure that your datafile contains the right blank values in these locations. These locations in the Programmer's can be modified manually. The checksum is calculated from locations mentioned in tables above. Bytes at locations 0000h to 0007h in Programmer's User RAM are not added to the checksum, and they are not programmed to the device. They serve only to bypass the security feature of the device. Even blank devices are secured. For the blank devices the security code is eight FFh bytes. How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values ( security key) into locations 0000h to 0007h. That means hat the value in the location 0000h has the same value as the location FFF6h an so on. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000h to 0007h. This is the security key for the blank device. 2. Read or verify the device. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. To secure the device, make at least one location from address FFF6h to FFFDh in the Programmer's User RAM different than FFh. Then program the device. If you want to read, verify or reprogram a secured device, put the security code you have programmed to the device in the Programmer's User RAM locations 0000h to 0007h. Then perform the desired operation. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908AZ60AFU (FU means 64 pin QFP package) ------------------------------------------ Blank state of EEPROM byte : FF hex Blank state of FLASH byte : FF hex Data in Programmer's User RAM is partitioned as follow: FFF6 hex - FFFD hex Eight security bytes (in Users Vectors) 0450 hex - 04FF hex FLASH-2 array 0580 hex - 05FF hex FLASH-2 array 0600 hex - 07FF hex EEPROM-2 array 0800 hex - 09FF hex EEPROM-1 array 0E00 hex - 7FFF hex FLASH-2 array 8000 hex - FDFF hex FLASH-1 array FE10 hex ** EE1DIVHNVT register (EEPROM-1 byte) FE11 hex ** EE1DIVLNVT register (EEPROM-1 byte) FE1C hex ** EE1NVR register (EEPROM-1 byte) FF70 hex ** EE2DIVHNVT register (EEPROM-2 byte) FF71 hex ** EE2DIVLNVT register (EEPROM-2 byte) FF7C hex ** EE2NVR register (EEPROM-2 byte) FF80 hex ** FL1BPR register (FLASH-1 cell) FF81 hex ** FL2BPR register (FLASH-1 cell) FFCC hex - FFFF hex User vectors (FLASH-1 cells) After downloading the data file, check the User's RAM locations marked as ** if they contain the right values. Some data files have missing values for these locations. Some devices shipped from the manufacturer do not have EENVR1 and EENVR2 registers erased to FF hex. In this case, prior the programming the device, enable "Erase EE Device" option in the Program Memory Device Options screen. Always check EENVR1 and EENVR2 locations in User's RAM if they contain the desired data. Be careful with registers EENVR1 (at address FE1C hex) and EENVR2 (at address FE18 hex). Bit #4 in these registers are security bits. Programming them to '0' prevents program/erase access to memory locations $08F0 hex to $08FF hex. Programming the security bits has also the following effects: * Bulk and block erase are disabled * Programming and erasing EENVR registers is disabled. * Only unsecured locations at $0800 hex to $08EF hex can be erased by using single byte erase. In order to keep EEPROM/FLASH locations blank (unprogrammed), be sure that your datafile contains the right blank values in these locations. These locations in the Programmer's can be modified manually. The checksum is calculated from locations mentioned in tables above. Bytes at locations FFF6h to FFFDh in Programmer's User RAM are the security key. They serve only to bypass the security feature of the device. How to read a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. After the file is downloaded, the security key from the file is located at locations FFF6h to FFFDh in the Programmer's User RAM. Or enter your security key manually in locations FFF6h to FFFDh in the Programmer's User RAM. The file download is not necessary in this case. 2. Read or verify the device. How to verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. After the file is downloaded, the security key from the file is located at locations FFF6h to FFFDh in the Programmer's User RAM. 2. Read or verify the device. Blank devices do not need any security key entered. Do not leave locations FFF6h to FFFDh blank. For security reasons, program those locations to some value different than FFh even if they are not used for vectors. Values that you programmed to locations FFF6h to FFFDh is your security code. Do not forget your security code. NOTE: Always enable at least one pass verify when programming. ************************************************************************ 68HC908QT1 ---------- 68HC908QY1 ---------- 68HC908QT2 ---------- 68HC908QY2 ---------- 68HC908QT4 ---------- 68HC908QY4 ---------- MC908QY8 ---------- Blank state of the FLASH Memory is: FF hex NOTE: Oscillator Calibration Byte Programming is NOT supported at this time. For this reason Erase is NOT supported at this time. Support for both Oscillator Calibration Byte Programming and Erase support will be available in the the upcomming software release. DETAILS OF THE DEVICE MEMORY MAP IN PROGRAMMER RAM: ---------------------------------------------------------------------- ---------------------------------------------------------------------- Eight Duplicate Security Bypass Bytes are located in the Memory Map at the following Address: 0000 hex -> 0007 hex Definition of this "Eight Duplicate Security Bypass Bytes" Array: -- The Eight Security Bypass Bytes allow the end user to access the device during Load, Verify, Blank Check programmer operations. -- NOTE: These bytes are NOT the data that is programmed into the device's Security Code Bytes at Address FFF6 hex -> FFFD hex. They are not read from the device and they are not added to the device checksum. Main FLASH Memory Array for QY8: Programmer's User RAM data is partitioned as follows: DE00 hex -> FDFF hex User RAM Main FLASH memory array Main FLASH Memory Array for QY4,QT4: Programmer's User RAM data is partitioned as follows: EE00 hex -> FDFF hex User RAM Main FLASH memory array Main FLASH Memory Array for QY2, QT2, QY1, QT1: Programmer's User RAM data is partitioned as follows: F800 hex -> FDFF hex User RAM Main FLASH memory array User Vectors Memory Map for QY8, QY4,QY2,QY1,QT4,QT2,QT1: FFC2 hex -> FFFF hex User vectors Device Security Code Memory Map for QY8, QY4,QY2,QY1,QT4,QT2,QT1: FFF6 hex -> FFFD hex Device Security Code(Security Bytes) The checksum is calculated for only the memory areas defined in the above memory map. Please note one exception, which is the the Eight security bytes at address: 0000 hex - 0007 hex This data is only used for User Access to the device; therefore these eight bytes are NOT included in the checksum calculation. NOTE: The device's Security Bytes must be entered at location: 0000 hex -> 0007 hex in order to allow the end user access to the device during Load, Verify, Blank device operations. If these values DO NOT match what was programmed into the device then the programmer will return the following error message: "SECURITY NOT BYPASS - TRY ANOTHER SECURITY COMBINATION" These Duplicate Security Bytes located at address 0000h -> 0007h in the Programmer's User RAM are entered by User in order to allow device access for operations such as Load or Verify. These bytes must be an exact duplicate of the data located at address FFF6 hex -> FFFD hex in the device in order for the User to perform either a Load or Verify Operation. Blank/Erased devices are secured and in order to program a blank device the security code(data) entered at address 0000 hex -> 0007 hex must be equal to the follow data as seen in the Progammers User RAM Editor: HEXADECIMAL ADDRESS -0 -1 -2 -3 -4 -5 -6 -7 -8 -9 -A -B -C -D -E -F 00000000 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 How to read or verify a secured device: 1. Download your data file into the Programmer's User RAM. The data file has to be the same file that was used for that particular device programming. 2. Go to the Programmer's User RAM and write on the paper the content of locations FFF6h to FFFDh. This is the security key for your device. 3. Go to the Programmer's User RAM and write those values (security key) into locations 0000 hex -> 0007 hex. That means that the value in the the address location 0000 hex has the same value as the location FFF6 hex an so on up to FFFD hex. 4. Read or verify the device. How to read or blank check a blank device: 1. Go to the Programmer's User RAM and write FFh into locations 0000 hex -> 0007 hex 2. Read or verify the device. It is recommended that you do not leave locations FFF6 hex -> FFFD hex blank in your data file if you would like to enable code security in the device. To secure these devices, make at least one location from address: FFF6 hex -> FFFD hex in the Programmer's User RAM different than FF hex when setting up for a programming operation. Please note that if you want to read, verify or reprogram your device once you have programmed a "security code" into the device (i.e. secured the device) you MUST put the same "security code" values into User RAM addresses: 0000 hex -> 0007 hex before you can perform the desired operations. Do not forget your security code, if you need to load from master you will need to enter this code into the programmers User RAM addresses: 0000 hex -> 0007 hex before you perform a Load, Verify or Re-program operation. Failure to do so will generate the following error: "SECURITY NOT BYPASS - TRY ANOTHER SECURITY COMBINATION" NOTE: Always enable at least one pass verify when programming. ************************************************************************ ************************************************************************ ************************************************************************