11.4.1 Code Protect

Code-protect is a device locking option that prevents external read-out and modification of the user program. The code protection is enabled with a Configuration CP (FCP[0]) bit in the UCA configuration area. Enabling code protection does the following:

• Disables debug
• Disables Configuration Words override in ICSP Programming mode
• Disables UCA write permissions in ICSP Programming mode
• Restricts access to Program Memory in ICSP Programming mode
• Restricts ECC error reporting for the Program Memory in the ICSP Programming mode

Code protection disables user program Flash execute, read and write permissions in ICSP Programming mode. The Program Memory CRC Configuration CRC (FCP[1]) bit can be programmed to allow user program memory CRC access in ICSP Programming mode when code-protect is enabled. The Flash protection regions may impose CRC access restrictions on all or part of user program Flash that applies in all modes. Code-protect also disables write permissions to UCA spaces in ICSP Programming mode. Code-protect is disabled after a chip erase; this allows a device to be reprogrammed without revealing the original user program or user data Flash contents. The permanent (OTP and IRT) regions are not erased on a chip erase. The Entire Flash OTP by ICSP Write Inhibit can be enabled to prevent external tools from chip erasing the device. UCA may be write-protected to prevent code-protect from being disabled in Mission mode. Enabling code-protect does not disable ICSP Programming Mode. This potentially allows access to data stored in RAM and registers that are not cleared on a Reset. Secure debug provides protection from this vulnerability.

If code-protect is enabled with CRC allowed, the ICSP Programming Mode may calculate the CRC over user program Flash pages. To prevent access to the protected spaces using ECC error injection and reporting, ECC error reporting data is restricted to address only for user program in ICSP Programming Mode when code-protect is enabled.