Called PDID (programming and debugging interface disable), “when enabled, this enhanced code protection feature is designed to lock out access to the programming-debugging interface and block unauthorised attempts to read, modify or erase firmware”, according to the company.
It is implemented on the PIC18-Q24 family of MCUs, and works with the ICSP (in-circuit serial programming) interface.
Once the PDID configuration bit is turned on “the device is permanently locked down from ICSP access and no further bulk-erase operations are possible”, explained the company. “However, the memory regions can still be accessed using the internal NVM [non-volatile memory] interface. This feature is intended to make the device one-time programmable through the ICSP interface for security applications.”
The PDID bit can be programmed either through ICSP or a self-write, and after this is not possible for a device executing in ‘debug mode’ to erase or write flash memory, nor can a debug tool switch the device to ‘production mode’.
To allow failure analysis in devices with PDID in operation, limited ICSP function can be restored by boot-loader code stored in the device that programs a specific unlock sequence. This will allow ICSP read commands to be performed, while writing to program flash, performing bulk erase, performing page erase, and reprogramming the device via ICSP, will remain blocked.
“The PIC18-Q24 family is also enabled with the option to have an immutable bootloader for applications that want a secure way to upgrade firmware,” said Microchip.
Development tools include the Microchip PIC18F56Q24 curiosity nano eval kit (pictured).
For more PDID information, seek chapter 8.2.5 of the PIC18-Q24 data sheet
