How to set the ATmega32U4 lock bits

Could somebody explain how one can set the lock-bits so that one cannot write or read what is on the Arduboy? I am assuming a USBasp can do that, but I don’t know how one would just set/program these lock-bits. (I am aware that this would prevent uploading of new sketches unless the Arduboy is completely erased and a new bootloader is programmed.)

@eried How long are the pogo pins that go together with your 3D design? The ebay link is not valid anymore.

You need to set bits 0 and 1 of the lock bit byte to 0. The avrdude option for this would be something like:
-U lock:w:0x2C:m

I used this fuse calculator to determine this:

Note that using a value of 0x2C, as the example in my previous post shows, would still allow access through USB if a standard Arduino bootloader were installed. If you want to prevent this, it would be better to not include a bootloader and set the lock byte to 0x00.

Thanks. Using 0x00: Am I correct that this would then also free up the ~4kB application/data space that the bootloader occupies?

Can I do this from the Arduino IDE with USBasp? Where would I specify the lock-byte value?

Yes. See this:

After you upload a sketch using the above procedure, and it’s working to your satisfaction, you could set the lock bits using avrdude from a command line. To find out the location of the version of avrdude that Arduino uses, open File > Preferences in the Arduino IDE and set the preference Show verbose output during: ☑ upload

When you upload the sketch, you should see the path to avrdude in the output.

An important disclaimer for the benefit of the less well-informed:

Doing this will effectively brick* your Arduboy.
Do not attempt it unless you seriously understand what you’re getting yourself into,
and you know how to flash a new bootloader onto the Arduboy.

* disclaimer... It's not technically bricked because it's recoverable, but recovering it would mean opening the device up and using a second device to flash a new bootloader, hence I'm using the term 'brick' as intentional hyperbole to dissuade people.

Which is why I moved the conversation to a new topic.

But you need such a “second” device to set the lock bits in the first place, so you would have the equipment necessary to do the “unbricking”.

UNLESS you clear the SPIEN fuse, in which case you would need a parallel programmer to allow clearing and reprogramming.

EDIT: Upon further reading, I found that the datasheet contains the note:

The SPIEN Fuse is not accessible in serial programming mode.

Which means you would need a parallel programmer to clear it and thus would be able to set it with the same parallel programmer.

The lock bits can only be set using an ISP programmer and not by Arduboy itself.

Since an ISP programmer is needed to set the lock bits you can also undo the ‘bricking’ by a chip erase using that same ISP programmer.

If JTAGEN is set you could use JTAG programming, which is more easily accessible than parallel programming.

But regardless both SPIEN and JTAGEN are not part of the LOCK bits fuses so this shouldn’t be of any concern unless you mess with the high fuses.

Link for the pogo pins updated: https://www.thingiverse.com/thing:2565829

Or if you don’t have a 3D printer:

or get some fancy ones (2x 3P single)

Thanks for all the info. One other question. If one sets the lock-byte to 0x00 does that also prevent reading out the EEPROM?

From the datasheet, if both lock bits are set to 0:

Further programming and verification of the Flash and EEPROM is disabled in Parallel and Serial Programming mode. The Boot Lock bits and Fuse bits are locked in both Serial and Parallel Programming mode.

So yes.

Thanks. But from within the app the EEPROM can still be written/read, I assume. Only the access from the external serial/parallel ports is disabled. Just making sure I understand this correctly.

Of course. What good would EEPROM be if you couldn’t?

The same goes for reading and/or writing program flash, based on the Boot Lock bits in the Lock Byte. If set appropriately, the main program and/or bootloader can read/write program flash while access to it is denied from a serial or parallel programmer.

Even so, best to make sure it’s nice and obvious in case someone stumbles upon the thread accidentally in the future.

Fair point.

I was under the (presumably false) impression setting the lock bits could be done without any extra equipment (i.e. with just a computer).

@MLXXXp got there first. :P

How does one read the lock-bits? What command line option would I use for avrdude? Is it possible to read them from the ArduinoIDE or only avrdude?

Check out this excellent guide:

You use the -u command, just specify you want to read from it.

Although, I can’t remember, I think if you just do avrdude and set the correct target, without any other flags, it will just read out what the currently set flags are?


Thanks. This was very helpful. This allowed me to add a feature to my sketch to check if the lock-bits have been set the way I need it for distribution. It is a convenient verification that avoids having to hook up the Arduboy another time just to check.

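Added example, not code from any poster in this thread: a decoder for the lock byte values discussed above (0x2C and 0x00), with a comparison helper of the kind a sketch could use to confirm the byte before distribution. It assumes the standard AVR lock byte layout (LB in bits 1:0, BLB0 in bits 3:2, BLB1 in bits 5:4); the names `decode_lock_byte`, `lock_matches` and `lock_info` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Lock byte layout assumed here (standard AVR layout, as on the ATmega32U4):
 * bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02, bit4 BLB11, bit5 BLB12.
 * A bit value of 0 means "programmed". Bits 7:6 are unused. */
#define LOCK_MASK 0x3Fu

typedef struct {
    int lb_mode;   /* 1 unlocked, 2 no programming, 3 no programming/verify, 0 undefined */
    int blb0_mode; /* 1..4, application section */
    int blb1_mode; /* 1..4, boot loader section */
} lock_info;

/* Map a (BLBx2, BLBx1) bit pair to its datasheet mode number. */
static int blb_mode(unsigned pair) {
    switch (pair & 3u) {
    case 3:  return 1; /* no SPM/LPM restrictions */
    case 2:  return 2; /* SPM may not write the section */
    case 0:  return 3; /* no SPM write, no LPM read from the other section */
    default: return 4; /* no LPM read from the other section */
    }
}

lock_info decode_lock_byte(uint8_t lock) {
    static const int lb_modes[4] = {3, 0, 2, 1}; /* index = (LB2, LB1) */
    lock_info li;
    li.lb_mode   = lb_modes[lock & 3u];
    li.blb0_mode = blb_mode(lock >> 2);
    li.blb1_mode = blb_mode(lock >> 4);
    return li;
}

/* Distribution check: compare only the six defined bits. */
int lock_matches(uint8_t actual, uint8_t expected) {
    return (actual & LOCK_MASK) == (expected & LOCK_MASK);
}

int main(void) {
    /* On the device the byte would come from avr-libc:
     * boot_lock_fuse_bits_get(GET_LOCK_BITS) in <avr/boot.h>.
     * Here: constructed samples (0x2C and 0x00 are the thread's values). */
    const uint8_t samples[] = {0xFF, 0x2C, 0x00};
    for (unsigned i = 0; i < sizeof samples; i++) {
        lock_info li = decode_lock_byte(samples[i]);
        printf("0x%02X: LB mode %d, BLB0 mode %d, BLB1 mode %d\n",
               (unsigned)samples[i], li.lb_mode, li.blb0_mode, li.blb1_mode);
    }
    return 0;
}
```

With 0x2C the external programming interface is fully locked (LB mode 3) while only SPM writes to the boot loader section are blocked, which is why a bootloader, if present, can still serve flash over USB as noted earlier in the thread.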