Hi
The secure startup file should be used very carefully since it disables the BDM interface to the processor. This means that, once activated, it is no longer possible to use the debugger.
When using the secure startup file with the uTasker "Bare-minimum" boot loader it should be loaded "together" with an application that can work together with it to allow further uploads. This application can also include a mass erase command that can be used to unsecure the device again.
If the "Bare-Minimum" Boot Loader is loaded alone it will secure the device and neither have any method of uploading new code or performing a mass erase.
To recover from the secured state it is necessary to perform a mass erase but this can not be performed over the debug interface since this is blocked.
There may be methods using JTAG, which I never used, but I have used EZPORT to unsecure a device since the mass erase command can be executed over it.
Generally I would tend to ensure that the code that is running (which is also securing the device) includes some method of executing a mass erase in the case of emergency. A simple method would be to reserve an input pin which the software reads on start up and do this if it is the "recovery" position. This will be acceptable in applications requiring code protection since a mass erase, used to unsecure the device, will of course also delete the code that is being protected and is no security weakness in this respect.
Regards
Mark