2.7 Code Protection and Secured Device

There are two protection mechanisms in the PIC32CX-BZ3/PIC32CX-BZ36 devices. One is code protection and the other is secured device and are described as follows:

1. When the code protection is enabled, the device is locked from programming and debugging. Only chip erase can retrieve the device to normal programming and debugging condition.
2. DEBUG_LCK bits in SECCFG register in the root of trust determines if the device is locked for debug. If the DEBUG_LCK bits are non-zero, the device is a secured device. Securing of the device implies:
   1. No unauthenticated firmware can be executed.
   2. The debug features of the device are not available and are locked down.
   3. Device programming through SWD is available. The debugger can be plugged in only through the cold-plugging procedure. The hot plugging feature is not available. (Refer to the DSU section of device data sheet for cold and hot plugging.)
   4. The DEBUG_LCK bits are in eFuse (one-time programmable memory); therefore, once locked, the device is permanently locked for debug, unlike the code protection mechanism, which can be cleared on a chip erase.