19.2.7 Secure Boot Mode Configuration
By default, the device operates a Standard Boot sequence (see Standard Boot Strategy). In this mode, the chip can boot on a standard binary program present in any external non-volatile memory.
To configure the device to operate a Secure Boot sequence and to be able
to boot a ciphered application, at least two steps must be followed, the third being done
only when using the RSA signature:
- Set the chip in Secure mode.
- Send the customer key.
- (If AES-RSA mode is selected) Send RSA Hash.
These steps are mandatory prior to programming a boot file in an external NVM and can only be done once.
To set the chip in Secure mode, a valid Secure Boot Configuration packet must be written.