19.2.7 Secure Boot Mode Configuration

By default, the device operates a Standard Boot sequence (see Standard Boot Strategy). In this mode, the chip can boot on a standard binary program present in any external non-volatile memory.

To configure the device to operate a Secure Boot sequence and to be able to boot a ciphered application, at least two steps must be followed, the third being done only when using the RSA signature:
  1. Set the chip in Secure mode.
  2. Send the customer key.
  3. (If AES-RSA mode is selected) Send RSA Hash.

These steps are mandatory prior to programming a boot file in an external NVM and can only be done once.

To set the chip in Secure mode, a valid Secure Boot Configuration packet must be written.