2.7 Code Protection and Secured Device

There are two protection mechanisms in the PIC32CX-BZ6 devices. One is code protection and the other is secured device and are described as follows:

1. When the code protection is enabled, the device is locked from programming and debugging. Only chip erase can retrieve the device to normal programming and debugging condition.
2. DEBUG_LCK bits in the SECCFG register in the root of trust determines if the device is locked for debug. If the DEBUG_LCK bits are non-zero, the device is a secured device. Securing of the device implies:
   1. If the secure boot key is non-zero, DFU code authentication is mandatory. Otherwise, authentication is not required.
   2. The debug features of the device are not available.
   3. Device programming through SWD is available. The debugger can be plugged in only through the cold-plugging procedure. The hot plugging feature is not available. (Refer to the DSU section of device data sheet for cold and hot plugging.)
   4. The DEBUG_LCK bits are in eFuse (one time programmable memory); therefore, once locked, the device is permanently locked for debug, unlike the code protection mechanism, which can be cleared on a chip erase.