The Program and Debug Interface Disable (PDID) is a security feature used in microcontrollers to prevent unauthorized access to the device's memory. Once activated, PDID restricts access to the reprogrammable Flash memory, making it only writable by coding, executing on the device itself. Attempts to read or reprogram the device through external interfaces, such as the debug port, will fail. This feature is designed to protect the microcontroller from external threats and unauthorized access to its memory and proprietary application firmware. This feature is leveraged to enhance security, particularly for boot processes.
- MPLAB® X IDE v6.25 or newer
- MPLAB® XC32 v5.00 or newer compiler
- MPLAB® Code Configurator (MCC) v5.6.2 plug-in or newer
- SAMD21 DFP v3.7.262
This feature is available only on select SAMD21 family devices and silicon revisions. Contact a local Microchip sales office for additional information on silicon availability.
The following items are provided in the ATSAMD21 PDID library release:
- pdid-example
atsamd21_cnano_sys_cmd_pdid.X- src
- pdid-lib
samd21_pdid_lib.X.apdid_api.h
- images
readme.md
The PDID script is available as a library (.a) to the user along with a header (.h) file. These are the steps to use this library in a user application:
-
From the user application Project settings, navigate to Config:[user config name]>Libraries.
-
Select Add Library/Object File…
-
Locate the library (
.a) file and select it. This example uses the ATSAMD21G17D and the library files have been moved to the src folder, so we will be selecting the file namedsamd21_pdid_lib.X.a.
-
Select Apply and OK to close out the project settings window.
-
In the Projects window, right click Header Files folder and select the Add Existing Item… menu option.
-
Locate the
pdid_api.hfile provided with the library and select it. In this example, the header file has been moved into the src folder.
-
In the user application, include the header file using
#include "pdid_api.h.
-
Now add the
PDID_Enable();function call to the user application to enable PDID.
NOTE
If the user application uses the Watchdog Timer (WDT), ensure the period is greater than 16 ms to give it enough time to complete the PDID enabling process.
Example projects are provided to show how the PDID can be enabled from a command line using a simple Harmony system command project. Typing help will display the different commands available, including the pdid command which is used to enable the PDID.
Steps for running the PDID example application for the ATSAMD21G17D:
-
Open a serial terminal connected to the device serial communication port with the following settings:
- Speed: 115200
- Data: 8 bits
- Parity: none
- Stop bits: 1 bit
-
Download the PDID example application
atsamd21_cnano_sys_cmd_pdid. -
Open the example application project in MPLAB® X.
-
Program the device with the example application.
-
Press 'Enter' when prompted to begin a command line session.
-
Enter
helpto see all the available commands orhelp pdidto see all the PDID test commands.
-
Enter
statusto check the PDID status of the device. In this case, the status is0x0because PDID has not been enabled yet. This command has three possible outputs:0x0: PDID is NOT enabled0xa5: PDID is enabled0xbaad0003: PDID is not supported on this device
-
Enter
pdidto execute the PDID process. -
On successful PDID execution, the output will show
PDID enabling succeeds, return: 0xa5. Thestatuscommand will also return0xa5, indicating that PDID is enabled.
-
Software reset or power cycle the device.
-
The device can no longer be reprogrammed or debugged.
