At various phases during boot, protection mechanisms are enabled and certain
registers in the design are locked to improve FW security:
- Changes to hardware trims for
oscillators, voltage/current references, flash trimming and power management
output voltages
- Wrong hardware trim
values can result in the device operating out of spec and thus having
unpredictable behavior.
- Flash sector write/erase protection
- To avoid program errors, malicious attacks or a debug connection from
changing contents of certain flash sectors
- SWD port and debug access
- The SWD port gives access to the CFG-AP and SEC-AP access points from
boot to allow device IDs and information to be read out through CFG-AP
and communication with SACI through SEC-AP
- The AHB-AP access point
that us used by debug probe can be enabled before the bootloader is
invoked or the application is invoked using CCFG configurations
- Debug access is enabled
by default and if specified by CCFG.debugCfg or with CCFG authentication
(password) configurations