Secure Boot validation for Bootloader SW


514 Views
Kishore_14
Contributor III

Hello team,

1. How do we perform Secure Boot validation for the Bootloader SW itself?
If the bootloader itself initializes CSEc, then we are already running unverified code.
2. If the bootloader region is locked with read/write/erase protection and JTAG is disabled, can we skip Secure Boot validation for the Bootloader?
Can it still be tampered with?
Do we need to mandate Secure Boot validation for the Bootloader SW as well?

Thanks.

0 Kudos
Reply
1 Reply

481 Views
lukaszadrapa
NXP TechSupport

Hi @Kishore_14 

1. This needs to be managed by the production process and appropriate countermeasures. Typically the device should be programmed and configured in a secured environment where only approved persons have access, etc.
S32K1 devices do not have features which would make this process more secure, so it’s up to users to set up an appropriate environment. For example, S32K3 has public keys in the ROM key catalog while the private keys are exclusively owned by NXP, so NXP can sign customer application/data on request. This is the next level of protection. But there’s nothing like that on S32K1.

2. A 100% secure device does not exist. Every protection can be bypassed. The goal is to make the security breakthrough as hard as possible and to make the effort unreasonably high and cost-ineffective. So, our recommendation is to implement all levels of protection, including secure boot.

Regards,
Lukas

0 Kudos
Reply