2.9.2.4.1 Configuring Secure Boot Mode
The recommended procedure to configure the Secure Boot mode, using the
SAM-BA tool (available on www.microchip.com), is the following:
- Write the Boot Configuration Packet, with the required boot settings and boot memory interface.
- Set the Secure Boot mode.
- Send the customer key.
- Send the root certificate hash (in case an RSA signature is used).
- Program the ciphered bootstrap.
- Program the other application files.
- Disable invalidation of the Boot and Secure Boot Configuration Packets by writing the corresponding bits in the User Hardware Configuration Packet (see section "OTP Memory Controller (OTPC)").
- Lock the Boot Configuration Packet and the Secure Boot Configuration Packet.
- Disable the Secure SAM-BA Monitor to avoid any further access.
Note: Keeping the Secure Monitor enabled in
order to update the bootstrap in the field or in house is not recommended.