Arduino SAMD21 bootloader protection II

At IoT – exploration of LoRaWAN – part 2 I reported some quality issues with two low cost SAMD21 Arduino Zero like boards, and at Arduino SAMD21 bootloader protection some related discussion.

In view of continuing experience of incorrectly programmed low cost SAMD21 boards, I have decided to re-flash them as a matter of course

Above is one of the culprit boards.

The following are the batch and JLink scripts that I use. They are designed to find the current location of a couple of files that have a version number as part of their paths.

@echo off

rem test for command extensions
if "~x0"=="%~x0" goto EXTERROR 
if "%%~x0"=="%~x0" goto EXTERROR
if not CmdExtVersion 2 goto EXTERROR

setlocal ENABLEDELAYEDEXPANSION

set BOOTLOADER=samd21_sam_ba
if not #%1==# set BOOTLOADER=%1
set PKGPATH="C:\Users\owen\AppData\Local\Arduino15\packages\arduino\hardware\samd"
set JLINKPATH="D:\Program Files (x86)\SEGGER"

set PREF=%~n0

rem generate a unique workfile name
:tryworkfileagain
set /a workfile=%RANDOM%+100000
rem set workfile=%TEMP%\prename-%workfile:~-4%.jls
set workfile=%PREF%-work-%workfile:~-4%.jls
if exist %workfile% goto tryworkfileagain

set JLINK=
rem find the jlink executable
FOR /F "tokens=* USEBACKQ" %%F IN (`where -r %JLINKPATH% jlink.exe`) DO SET JLINK="%%F"
if #%JLINK%==# goto badjlink
ECHO JLINK: %JLINK%

set HEX=
rem find the bootloader
FOR /F "tokens=* USEBACKQ" %%F IN (`where -r %PKGPATH% %BOOTLOADER%.hex`) DO SET HEX=%%F
if #%HEX%==# goto badhex
ECHO HEX: %HEX%

rem copy the script file with variable substitution
for /f "tokens=*" %%a in (%PREF%.jls) do echo %%a >>%workfile%

echo.
rem cat %workfile%
echo.

echo %JLINK% -Device ATSAMD21G18 -If SWD -Speed 4000 -autoconnect 1 -Log %PREF%.log -CommanderScript %workfile%
%JLINK% -Device ATSAMD21G18 -If SWD -Speed 4000 -autoconnect 1 -Log %PREF%.log -CommanderScript %workfile%

del %workfile%

goto eof

:badjlink
echo Error: cannot find jlink.exe
goto eof

:badhex
echo Error: cannot find hex file %BOOTLOADER%
goto eof

:EXTERROR
echo:Error: this script requires command extensions v2 or later!>&2
goto eof

:eof

pause

The following is the JLink script.

//display userrow
mem8 0x804000 0x10
//remove boot protection
w1 0x804000 0xff
r
erase
loadfile !HEX!
// write default userrow with 8k boot protection
w4 0x804000 0xd8e0c7fa
w4 0x804004 0xfffffc5d
w4 0x804008 0xffffffff
w4 0x80400c 0xffffffff
r
mem8 0x804000 0x10
exit

This process just works reliably and it results in a known current and protected bootloader.