Item 23 of the BF70x Errata makes reference to using SPI2 in XIP (eXecute In Place) mode for a Secure Boot.
It suggests that dBootCommand should be set appropriately to cause XIP mode, but it doesn't provide an example of a value. (I presume dBootCommand in this case is "spiMasterBootCmd" in ADI_ROM_OTP_BOOT_CMD_INFO.)
Instead, it shows a code fragment calling the boot ROM routines via adi_rom_Boot(). For user code to be executing, though, that implies that the Blackfin has already booted (insecurely?) from some other source. That other source would seem to be either another memory device or an Init Block, and the documentation rightfully indicates an Init Block is inherently not secure.
How would one boot directly from SPI2 in XIP mode? Is there a way of storing small amounts of executable code in OTP, and if so, where is this documented?
Examples of known-good OTP configurations for the BF70x would certainly help.
Although the HRM documents bit fields, it is not clear what the interdependencies are between these fields. (For example, Figure 36-8 (dBootCommand for SPI Master Boot) begs the question as to which specific parameters are enabled by BCMD_NOAUTO but ignored when BCMD_NOAUTO is inactive?)
Examples that show how OTP configurations were chosen to minimize boot time would be even better.
If Analog is considering writing an app note, an BF70x equivalent to EE-308 (Estimating and Optimizing Booting Time for Blackfin® Processors) would certainly be helpful.