27.5.18 Immutable Boot, Boot Read Protection, and Secure Debug Features Overview
The following tables provide an overview of the major security options.
| Chip Erase Hard Lock (DSU STATUSB.CEHL) |
Boot Protect Hard Lock (NVMCTRL STATUS.BPHL) |
Immutable Boot Capability |
|---|---|---|
| X | 0 | No |
| X | 1 | Yes |
Note:
- The Immutable Boot feature optionally coupled with Chip Erase Hard Lock and Boot Read Protection allows for the support of a Secure Boot flow in the condition where a specific application code is developed and programmed on the boot section.
| Security Bit (DSU STATUSB.PROT) |
Boot Protect Hard Lock (NVMCTRL STATUS.BPHL) |
Boot Protect Disable (NVMCTRL STATUS.BPDIS) |
Boot Code Update Capability |
|---|---|---|---|
| 1 | 1 | X | No |
| 1 | 0 | X | Yes (1) |
| 0 | N/A | 0 | Yes (1) |
| 0 | N/A | 1 | Yes |
Note:
- Requires to perform a Boot Protect Disable command (SBPDIS).
| Chip Erase Hard Lock (DSU STATUSB.CEHL) |
Boot Protect Hard Lock (NVMCTRL STATUS.BPHL) |
Re-Flash Device |
|---|---|---|
| 0 | 0 | Yes |
| 0 | 1 | Yes (except BOOTPROT region) |
| 1 | X | No |
Note:
- The Re-Flash of the device is the ability to perform a chip erase and re-program the Flash. Performing a chip erase allows to clear the security bit (if set) and so re-enable debug capabilities.