6.4.7 Program and Debug Interface Disable (PDID)

The Program and Debug Interface Disable (PDID) comprises a number of measures and dependencies that prevent access to the device's reprogrammable Flash memory via a programmer or debugger. After the PDID measures are activated, a programmer or debugger is prevented from making any changes to the device through the DSU, but can still read out a restricted set of device information.

Follow these steps to inhibit Flash manipulation via a debugger or programmer:
  1. Enter the Interactive Mode (IMODE) of the Boot ROM.
  2. Disable the IMODE commands by writing their respective key value in the ROM Configuration (CFM::ROMCFG) to all-zeroes. This change will take effect only after the next device reset.
  3. Issue the command CMD_SDAL0 to set the Debugger Access Level to DAL0. This change will take effect only after the next device reset.
  4. Reset the device so the previous measures take effect.
Now the following rules apply:
  • A debugger can only access DSU registers mapped in the DSU external space (at offsets between 0x0100–0x01FF) and the DSU CoreSight™ ROM table. This allows device identification but inhibits read/write access to the PFM sections.
  • The Chip Erase command (CMD_CE_ALL) is disabled, so it cannot be used to force the factory default for either the Debugger Access Level (factory default: DAL2) or the command key values (factory default: all valid).
  • Read or write operations on the application code can only be performed by code located in the Boot Code section (bootloader).
Note:

The bootloader software must be able to receive new data and to program the Application Code section. The bootloader cannot alter code stored in the Boot Code section, and the access to the Boot Code section by the DSU is restricted by the DAL0 setting.

The application authors must ensure that the bootloader implementation fulfills the security requirements.
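One check such a bootloader needs, shown as an added example that is not from the datasheet or vendor code: validate every update request so it can only touch the Application Code section, and verify a CRC-32 before the image is committed. The section sizes, row size, function names and status codes are assumptions for illustration; a CRC detects corruption only and does not authenticate the image.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (placeholders, not datasheet values). */
#define BOOT_CODE_SIZE 0x2000u            /* assumed Boot Code section size */
#define FLASH_SIZE     0x10000u           /* assumed total Flash size */
#define ROW_SIZE       256u               /* assumed erase/program granularity */
#define APP_START      BOOT_CODE_SIZE     /* Flash assumed to start at 0 */
#define APP_END        FLASH_SIZE         /* exclusive */

typedef enum { UPD_OK, UPD_ERR_EMPTY, UPD_ERR_ALIGN, UPD_ERR_BOOT_SECTION,
               UPD_ERR_OUT_OF_RANGE, UPD_ERR_CRC } upd_status_t;

/* Check one write request before any erase or program operation starts. */
upd_status_t validate_update_block(uint32_t addr, uint32_t len)
{
    if (len == 0u) return UPD_ERR_EMPTY;
    if (addr % ROW_SIZE != 0u || len % ROW_SIZE != 0u) return UPD_ERR_ALIGN;
    if (addr < APP_START) return UPD_ERR_BOOT_SECTION;
    /* Overflow-safe: compare len with the space left, never form addr + len. */
    if (addr >= APP_END || len > APP_END - addr) return UPD_ERR_OUT_OF_RANGE;
    return UPD_OK;
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), as used by zlib. */
uint32_t crc32_calc(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Accept a staged image only if its range and checksum are both good, so a
 * truncated or corrupted transfer is never committed. */
upd_status_t validate_image(uint32_t addr, const uint8_t *img, uint32_t len,
                            uint32_t expected_crc)
{
    upd_status_t st = validate_update_block(addr, len);
    if (st != UPD_OK) return st;
    return crc32_calc(img, len) == expected_crc ? UPD_OK : UPD_ERR_CRC;
}
```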

CAUTION: The device may become permanently unrecoverable if the user does not retain access to recovery paths. Devices with PDID invoked will have extremely limited failure analysis capabilities.