16.5.6 Error Handling and Fault Conditions

Upon any reset, the Boot ROM begins execution by performing a fuse integrity check, which is a critical prerequisite before the device can proceed to execute the first mutable application code. During the boot process, the device may encounter unsafe operating conditions due to various reasons, including but not limited to:

Invalid or inconsistent device configuration
Memory faults (double-bit ECC errors)
Unintended or undefined device states

In such scenarios, the Boot ROM proactively halts the boot process and transitions the device into a known safe state called Interactive Mode (Example: involuntary entry to IMODE). In this mode, user intervention is required to perform corrective actions.

Note: Upon any reset, the device begins execution with Error Correction Code (ECC) enabled for both Flash and SRAM. Users may choose to disable ECC checking for specific memory regions via the BOOTCFG1/1A configuration fuses. However, this user-defined ECC configuration becomes effective only after the Boot ROM completes execution and transfers control to the first mutable application code at address 0x0800_0000. During Boot ROM execution, ECC checks remain always enabled, regardless of user configuration.