8.4 Program and Debug Interface Disable (PDID)
After activating the Program and Debug Interface Disable (PDID), the only way to write to the reprogrammable Flash memory (nonvolatile memory - NVM) is from the Boot Code section of the NVM. Consequently, CHIPERASE or other re-programming attempts through the UPDI will fail. Also, any attempt to read out any NVM content will fail.
Use the following procedure to enable the PDID feature (restrict access to NVM):
- Write 0xB452 to the PDI Configuration (PDICFG) fuse:
  - Provide the NVM Protection Active (NVMACT) key by writing 0xB45 to bits PDICFG[15:4] (KEY)
  - Bits PDICFG[3:2] are unused - ensure they are zero
  - Select the Protection Level NVM Access Disabled (NVMACCDIS) by writing 0x2 to PDICFG[1:0] (LEVEL)
- Write the Lock Key Bits (KEY) in the LOCK.KEY fuse to LOCKED
- Reset the device
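Because PDID cannot be undone through the UPDI, a provisioning tool can validate the planned fuse values before writing them. The following check is an added example, not vendor code: the function names and result codes are hypothetical, and the LOCK.KEY state is passed as a boolean because the LOCKED encoding is not given in this section.

```c
#include <stdbool.h>
#include <stdint.h>

/* Field layout and values taken from the procedure above. */
#define PDICFG_KEY_SHIFT        4
#define PDICFG_KEY_MASK         0xFFF0u  /* PDICFG[15:4] KEY    */
#define PDICFG_RSVD_MASK        0x000Cu  /* PDICFG[3:2]  unused */
#define PDICFG_LEVEL_MASK       0x0003u  /* PDICFG[1:0]  LEVEL  */
#define PDICFG_KEY_NVMACT       0x0B45u
#define PDICFG_LEVEL_NVMACCDIS  0x2u

/* Hypothetical result codes for a pre-write provisioning check. */
typedef enum {
    PDID_PLAN_OK = 0,
    PDID_PLAN_BAD_KEY,       /* KEY field is not the NVMACT key      */
    PDID_PLAN_RSVD_NONZERO,  /* unused bits [3:2] are not zero       */
    PDID_PLAN_BAD_LEVEL,     /* LEVEL is not NVMACCDIS               */
    PDID_PLAN_NOT_LOCKED     /* LOCK.KEY is not planned as LOCKED    */
} pdid_plan_t;

/* Build the 16-bit fuse word from its KEY and LEVEL fields. */
uint16_t pdicfg_compose(uint16_t key, uint8_t level)
{
    return (uint16_t)(((uint32_t)key << PDICFG_KEY_SHIFT & PDICFG_KEY_MASK) |
                      (level & PDICFG_LEVEL_MASK));
}

/* Check a planned PDICFG value and LOCK.KEY state against the procedure.
 * lock_key_locked: true if the plan writes LOCK.KEY to LOCKED (assumption:
 * the caller resolves the actual fuse encoding from the LOCK.KEY description). */
pdid_plan_t pdid_check_plan(uint16_t pdicfg, bool lock_key_locked)
{
    if (((pdicfg & PDICFG_KEY_MASK) >> PDICFG_KEY_SHIFT) != PDICFG_KEY_NVMACT)
        return PDID_PLAN_BAD_KEY;
    if ((pdicfg & PDICFG_RSVD_MASK) != 0)
        return PDID_PLAN_RSVD_NONZERO;
    if ((pdicfg & PDICFG_LEVEL_MASK) != PDICFG_LEVEL_NVMACCDIS)
        return PDID_PLAN_BAD_LEVEL;
    if (!lock_key_locked)
        return PDID_PLAN_NOT_LOCKED;
    return PDID_PLAN_OK;
}
```
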
Once protection level NVMACCDIS is invoked, the following access rules apply:
- NVM access through UPDI is disabled
- Updates to the application software can only be performed by code located in the Boot Code section (bootloader)
- Chip Erase is disabled
- User Row write access is disabled
- CRC status will be available
Important: Unlike for locked devices, performing a CHIPERASE through the UPDI interface once the PDID feature is activated is impossible. The only way to alter the NVM content after PDID activation is by executing NVM writes from the Boot Code section (bootloader). The application software must ensure that the bootloader implementation fulfills the security requirements.
Note: After PDID activation, the access to NVM is very restricted for external testing. Some testing will be possible, but advanced failure analysis will not be possible.