USB port on 1200 pbs

Greetings, colleagues!

The site says that if USB-port Arduino M0 open at 1200bps, it will lead to unconditional erasure of the loaded program and exit to the bootloader. I tried it - that's it.

Do I understand correctly that if I implement a certain device on this module, any lamer, joker or hacker can connect to his USB-port and guarantee to disable it, destroying his firmware? Is there any protection from the fool?

Ogogon.

use it without bootloader?

I didn't think that setting the speed to 1200 would erase the sketch, just starts the bootloader.
(at least, setting the speed to 1200 doesn't erase the sketch from my Sparkfun D21 board, which is similar to an Arduino M0.)

There is no protections against someone uploading a new (and possibly non-working) sketch, though.

Juraj:
use it without bootloader?

Without bootloader it is inconvenient.
I want, you know, that the bootloader was, but that it was properly designed.

While I wait, when the supplier sends me the swd-interface. When I have it, I'll try to install a bootloader for the serial port.

Actually, the idea with a speed of 1200 - in principle, not bad. But you need to have a bootloader modification with protection. For example, like STM32 - with a permissive jumper.

By the way, where can I see the source code of Arduino bootloaders?

Ogogon.

westfw:
I didn't think that setting the speed to 1200 would erase the sketch, just starts the bootloader.
(at least, setting the speed to 1200 doesn't erase the sketch from my Sparkfun D21 board, which is similar to an Arduino M0.)

There is no protections against someone uploading a new (and possibly non-working) sketch, though.

https://store.arduino.cc/arduino-m0 then tab "DOCUMENTATION", section "Programming":

USB port: To use this port, select "Arduino M0 (Native USB Port)" as your board in the Arduino IDE. The Native USB port is connected directly to the SAMD21. Connect the M0 Native USB port (the one closest to the reset button) to your computer. Opening and closing the Native port at 1200bps triggers a 'soft erase' procedure: the flash memory is erased and the board is restarted with the boot loader. Opening and closing the native port at a different baudrate will not reset the SAMD21.

arduino zero bootloader source

From a security threat mitigation perspective, once an attacker can open the port and set the baud rate, wouldn't they also have access to upload any firmware of their choosing?

I don’t understand the issue: if you have an Arduino in your hands of course you can reprogram it ...

In fact, this 1200-bps reset is implemented in board's sketch CDC driver and hides in
...\Seeeduino\hardware\samd\1.8.1\cores\arduino\USB\CDC.cpp :

...
		if (r == CDC_SET_LINE_CODING || r == CDC_SET_CONTROL_LINE_STATE)
		{
			// auto-reset into the bootloader is triggered when the port, already
			// open at 1200 bps, is closed. We check DTR state to determine if host
			// port is open (bit 0 of lineState).
			if (_usbLineInfo.dwDTERate == 1200 && (_usbLineInfo.lineState & CDC_LINESTATE_DTR) == 0)
			{
				initiateReset(250);
			}
			else

...

You can turn it off by you own hands and on you own risk.