27.5.18 Immutable Boot, Boot Read Protection, and Secure Debug Features Overview

The following tables provide an overview of the major security options.

Table 27-11. Immutable Boot Capability (1)
Chip Erase Hard Lock

(DSU STATUSB.CEHL)

Boot Protect Hard Lock

(NVMCTRL STATUS.BPHL)

Immutable Boot Capability
X 0 No
X 1 Yes
Note:
  1. The Immutable Boot feature optionally coupled with Chip Erase Hard Lock and Boot Read Protection allows for the support of a Secure Boot flow in the condition where a specific application code is developed and programmed on the boot section.
Table 27-12. Boot Code Update Capability
Security Bit

(DSU STATUSB.PROT)

Boot Protect Hard Lock

(NVMCTRL STATUS.BPHL)

Boot Protect Disable

(NVMCTRL STATUS.BPDIS)

Boot Code Update Capability
1 1 X No
1 0 X Yes (1)
0 N/A 0 Yes (1)
0 N/A 1 Yes
Note:
  1. Requires to perform a Boot Protect Disable command (SBPDIS).
Table 27-13. Re-Flash Device Capability(1)
Chip Erase Hard Lock

(DSU STATUSB.CEHL)

Boot Protect Hard Lock

(NVMCTRL STATUS.BPHL)

Re-Flash Device
0 0 Yes
0 1 Yes (except BOOTPROT region)
1 X No
Note:
  1. The Re-Flash of the device is the ability to perform a chip erase and re-program the Flash. Performing a chip erase allows to clear the security bit (if set) and so re-enable debug capabilities.