11 Security Module

The security module protects the operation of the device and intellectual property from unauthorized access, use and modification. The following security features are available on the PIC32AK1216GC41064 family of devices:

• Secure Boot
• Secure Debug
• Immutable Root of Trust (IRT)
• Code Protect
• ICSP Program/Erase Disable (Entire Flash OTP by ICSP Write Inhibit)
• Firmware IP Protection
• Flash Write Protection

The security features can be characterized into four categories:

Device Locking prevents unauthorized external access via debugger or programmer ICSP interfaces (local attacks). Device locking features include Code Protect, Entire Flash OTP by ICSP Write Inhibit and Secure Debug.

The Immutable Root of Trust (IRT) partition protects IRT firmware and data for implementation of Secure Boot, Secure Debug, Device Attestation and other security functions.

Eight Configurable Protection Regions provide flexible user program Flash access control. The protection regions include: IRT partition, immutable device firmware (OTP), firmware IP protection (execute-only memory), Flash write-protection and code Flash partitioning.

Flash Access Control is provided for the executive, user OTP and user configuration Flash spaces.