Do I understand correctly that the CMPA page can be updated multiple times if it is not locked?
This page could be locked after manufacturer programs the page. This is done by writing the SHA 256 digest of the CMPA page
into the SHA memory space of CMPA area (0x9E5E0 - 0x9E5FF).
And I can easily enable and disable secure boot multiple times.
The CFPA scratch page can be updated multiple times, e.g. as many times as there are firmware updates,
and a reboot is needed to set up the correct ping/pong page internally.
"Application code uses FLASH API to update the scratch page which remains outside the protected region."
But can a MassErase operation erase the whole protected flash region if the CMPA area is not locked?
Or is it never erased during mass erase, and does it always require separate erase/write operations?
But in any case, can the MCU be put into ISP mode by an external pin and a reboot, and can any area of flash/SRAM be read freely?
You can write something, but it will never boot because secure boot is enabled.
But in ISP mode PRINCE is not active, and it is not possible to read back the real code, only the encrypted code. Is this so?
But SRAM has some real context.
Or what is the limited set of ISP commands if secure boot is enabled?
"• If secure boot is enabled or debug authentication fields (CC_SOCU_xxx) fields are not in default state
then limited ISP commands are allowed"
Could you point me to an explanation of this limitation?
I should clearly understand what protection is available when secure boot is enabled and a user tries,
via ISP mode, to read/write/erase some areas.