7. Increasing Security

In chapter Extracting eFlash content we discussed 2 ways to obtain the secure binary file by extracting it from the eFlash.
In order to be able to extract the image from the eFlash only the SECURE_BOOT flag has been programmed. This flag only instructs the booter to follow a certain procedure to ensure that the file signature is checked and that other security features are set (according the other security flag settings).

../_images/Sticky_Bits.png — Figure 36 Sticky Bits

7.1. Setting other Security Bits

In order to increase and maximize the security, some or all of the other security bits need to be set. As can be seen in Configuration Script and Key Area the security bits are programmed at address 0x00000008 - 0x0000000F (3rd and 4th 32-bit word).
You can use a Hex editor/reader (or any other hex/bin editor) to program the other security bits (see: Sticky Bits).

Following is an example of setting the maximum security:

../_images/Sticky_Bits_EF.png — Figure 37 Security Bits

Programmed in the binary file using a hex editor:

../_images/Security_bits.png — Figure 38 Programmed Security Bits