2.9.2.4.1 Configuring Secure Boot Mode

The recommended procedure to configure the Secure Boot mode, using the SAM-BA tool (available on www.microchip.com), is the following:
  1. Write the Boot Configuration Packet, with the required boot settings and boot memory interface.
  2. Set the Secure Boot mode.
  3. Send the customer key.
  4. Send the root certificate hash (in case an RSA signature is used).
  5. Program the ciphered bootstrap.
  6. Program the other application files.
  7. Disable invalidation of the Boot and Secure Boot Configuration Packets by writing the corresponding bits in the User Hardware Configuration Packet (see section "OTP Memory Controller (OTPC)").
  8. Lock the Boot Configuration Packet and the Secure Boot Configuration Packet.
  9. Disable the Secure SAM-BA Monitor to avoid any further access.
Note: Keeping the Secure Monitor enabled in order to update the bootstrap in the field or in house is not recommended.