19.3.1 Configuring Secure Boot Mode

The recommended procedure for configuring Secure Boot mode with the SAM-BA tool (available on www.microchip.com) is as follows:
  1. Write the Boot Configuration Packet, with the required boot settings and boot memory interface.
  2. Set the Secure Boot mode.
  3. Send the customer key.
  4. Send the Root Certificate Hash (if RSA signature is used).
  5. Configure the boot memory interface.
  6. Program the ciphered bootstrap.
  7. Program the other application files.
  8. Disable the monitor to prevent any further access to the Secure Monitor.
  9. Lock the Boot Configuration Packet.
Note: Keeping the Secure Monitor enabled in order to update the bootstrap in the field or in-house is not recommended.
Warning: The Boot Configuration Packet must be written as the very first packet in OTP.