11.4.3 Secure Debug

Secure debug is a device locking option that provides IRT firmware control over external access to the device. Secure debug is enabled with a Configuration bit SECDBG (FSECDBG[0]) in the UCB area. The IRT and UCB write-protect Configuration bits also need to be programmed for secure debug access controls to take effect. When secure debug is enabled, external access is controlled by the EAA (IRTCTRL[0]) bit which is only reset on a cold Reset (POR or BOR). Only IRT firmware can write to IRTCTRL unless the DBG (IRTCTRL[1]) bit is set. When EAA (IRTCTRL[0]) bit = ‘0’, the device is locked. All external access via debug and programming interfaces is disabled.

When the JTAG port is enabled, only the boundary scan function is allowed when the device is locked. When EAA (IRTCTRL[0]) bit = ‘1’, debug and test access is allowed. Unless DBG (IRTCTRL[1]) bit = ‘1’, IRT Flash regions remain protected from the external and debug access. However, a properly timed Reset during IRT firmware execution may leak IRT information in RAM and registers, which retain their state through the Reset. So, when EAA bit = ‘1’, IRT firmware should not access symmetric (secret) or private operational keys if these need to be protected from the external access when the device is unlocked. Public keys may be accessed as disclosure of these keys is not a security issue. IRT firmware may use any means for secure debug external access authorization. The IRT firmware may implement various non-volatile external access configuration options, including access based on an authenticated unlock token, permanently disabling access and unrestricted access. In any case, when secure debug is enabled, the device must boot after a cold Reset for the IRT firmware to enable access by setting the EAA bit.

Both the Entire Flash OTP by ICSP Write Inhibit and UCB write protect configuration bits must be programmed for Entire Flash OTP by ICSP Write Inhibit access controls to be enabled. UCB write-protect is an OTP Configuration Word. Once Entire Flash OTP by ICSP Write Inhibit is enabled, it cannot be disabled.

IRT, secure debug and UCB write-protect Configuration bits must all be programmed for secure debug to be enabled.

UCB write-protect (FWPUCB) is an OTP Configuration word. Once secure debug is enabled, it cannot be disabled. Secure debug can be used either with or without code protection. When secure debug is enabled without code protection, once authorization is given, debug and test access are allowed with full access to user program and user data Flash (subject to protection region restrictions). When both secure debug and code-protect are enabled, both IRT authorization and a chip erase are required for external access to user program Flash. This allows user program to be changed without revealing its original contents and only with IRT authorization. The permanent regions (IRT and OTP) are not erased on a chip erase. When secure debug is enabled, there is no means to disable or bypass secure debug access controls. For development, secure debug can be emulated by external development tools (debugger). To emulate the secure debug, the secure debug Configuration bit (SECDBG) should not be programmed. The external development tools follow the normal procedure for enabling external access as if secure debug is enabled. The IRT firmware sets the EAA bit state accordingly. The external development tools check the EAA bit to determine if external access would be permitted if the secure debug was enabled.