The purpose of debug authentication is to reduce the risk that an attacker uses debug capabilities to compromise the target system. IAR Embedded Workbench supports debug authentication using the open-source Secure Debug Manager (SDM) mechanism. If the target device has been locked reversibly, the debug authentication mechanism unlocks the device for debugging, if you provide the correct credentials.

If authentication is enabled, it is performed when the debug session starts. The authentication is revoked by a target reset. The type of reset that revokes the authentication is hardware-specific.

When authentication is configured, IAR Embedded Workbench tries to determine whether it is actually needed so that the authentication procedure is not executed if the device is not locked. For example, if a power-on-reset is what revokes the authentication, restarting a debug session does not require a new authentication if no power cycle has taken place. If the device has never been locked, or has been unlocked in such a way that it does not go back to a locked state, no authentication is required either.

Any input dialog boxes displayed during the authentication process come from the SDM library used to drive the authentication process, not from IAR Embedded Workbench.

The SDM mechanism requires a library that implements the authentication protocol in terms of the SDM interface.