Precautions#
Device Erase for Secure Debug#
Disable the Device Erase is mandatory for secure debug as described in the following table.
| Secure Debug | Device Erase | Debug Lock | State | Description |
|---|---|---|---|---|
Enabled | Enabled | Enabled | Insecure debug lock (1) | The device will return to the default debug lock properties after applying the standard debug unlock. (2) |
Enabled | Disabled (3) | Enabled | Secure debug lock | The device cannot be unlocked using the Erase Device command. The device will change to the permanent debug lock state if disabling the Secure Debug property. (4) |
Notes:
This state is only for secure debug testing.
This is an IRREVERSIBLE action and should be disabled AFTER the secure debug is enabled.
See Permanent Debug Lock.
commander security lockconfig --secure-debug-unlock disable --device EFR32MG21A010F1024 --serialno 440048205================================================================================ WARNING: Device erase is disabled and secure debug access is locked. If disabling secured debug access, there is no way to regain debug access to this device if continuing with this command. Type 'continue' and hit enter to proceed or Ctrl-C to abort: ================================================================================ continue Secure debug unlock was disabled DONE
Secure Boot and Debug Lock#
The following table describes the different debug lock scenarios on the secure boot-enabled device.
| Secure Debug | Device Erase | Debug Lock | State | Recover from Secure Boot Failure |
|---|---|---|---|---|
Disabled | Enabled | Disabled | Standard debug unlock | Flash a correctly signed image. |
Disabled | Enabled | Enabled | Standard debug lock | Flash a correctly signed image after standard debug unlocking the device. |
Disabled | Disabled | Enabled | Permanent debug lock | There is no way to recover the device. Make sure the programmed image is correctly signed before locking the device. |
Enabled | Disabled | Enabled | Secure debug lock | Flash a correctly signed image after secure debug unlocking the device. |
Note: See section Recover Devices when Secure Boot Fails in Series 2 Secure Boot with RTSL to flash a correctly signed image on different debug lock scenarios.