Scope

This application note focuses on the steps and requirements to enable the ROM code Secure Boot mode on SAM9X60 MPUs. It specifically covers the transition from Standard Boot mode to Secure Boot mode by activating Secure Boot in the ROM code and correctly programming the associated One-Time Programmable (OTP) secure configuration packet.

This document does not include details on security mechanisms, authentication chains or integrity protections related to second-stage bootloaders (such as at91bootstrap or U-Boot) or the operating system/application level. These topics are outside the scope of this application note and should be addressed separately, based on the system's overall threat model and architecture.

The intended audience includes firmware developers and platform security engineers who prepare for the deployment of a secure hardware Root of Trust infrastructure using only the hardware-backed security features built into the ROM code of SAM9X60 MPUs.