The added SDMGetTargetProtectionState() API is intended to be primarily used for determining whether the user should be requested to authenticate in order to debug the target. For most devices, "locked" means that the device is in the production lifecycle state and has not been previously unlocked by authentication.
Even if a device is locked, some access permissions may be enabled by default. For instance, the non-secure world may be debuggable, while the secure world can only be debugged after authentication. In this case SDMTargetProtectionState_Locked would be returned because the target is in its default production lifecycle debug access configuration. Similarly, an unlocked device does not necessary have all available, access permissions enabled. A previously performed authentication may have only unlocked a subset of permissions.
The added
SDMGetTargetProtectionState()API is intended to be primarily used for determining whether the user should be requested to authenticate in order to debug the target. For most devices, "locked" means that the device is in the production lifecycle state and has not been previously unlocked by authentication.Even if a device is locked, some access permissions may be enabled by default. For instance, the non-secure world may be debuggable, while the secure world can only be debugged after authentication. In this case
SDMTargetProtectionState_Lockedwould be returned because the target is in its default production lifecycle debug access configuration. Similarly, an unlocked device does not necessary have all available, access permissions enabled. A previously performed authentication may have only unlocked a subset of permissions.