On the ATmega328P, by setting the lock bits to 0x04, it may be possible to set the chip so that the boot loader can only overwrite the flash application section.
- External programmers can't read or write the chip, including the bootloader.
- The user program can't read the bootloader section to sniff it. Of course, it can't write to it either.
- The bootloader can write to the user program section, but cannot read it.
In this case, the bootloader will need to fill everything with "nop" instead of erasing the chip before writing, and furthermore it will be impossible to even verify after writing.
(This doesn't work with the normal Arduino boot loader.)
Also, the only way to enable normal writing again on a chip in this state is to completely erase the chip with an external programmer.
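
To check which accesses a given lock byte leaves open, the host-side decoder below is an added example, not part of the original post. It assumes the lock-bit layout from the ATmega328P datasheet (LB1 in bit 0 up to BLB12 in bit 5, 0 = programmed); the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper types/names; lock-bit layout per the ATmega328P
 * datasheet: bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02, bit4 BLB11,
 * bit5 BLB12. A bit reads 0 when programmed, 1 when unprogrammed. */
struct lock_policy {
    bool defined;       /* false for LB2=0/LB1=1, which is not a listed mode */
    bool ext_program;   /* external programmer may write flash/EEPROM */
    bool ext_verify;    /* external programmer may read back (verify) */
    bool spm_app;       /* SPM may write the application section */
    bool boot_lpm_app;  /* LPM run from boot section may read application */
    bool spm_boot;      /* SPM may write the boot loader section */
    bool app_lpm_boot;  /* LPM run from application may read boot section */
};

struct lock_policy decode_lock_byte(uint8_t lock)
{
    bool lb1 = lock & 0x01, lb2 = lock & 0x02;
    struct lock_policy p;

    p.defined      = !(lb1 && !lb2);
    p.ext_program  = lb1 && lb2;   /* LB mode 1 only */
    p.ext_verify   = lb2;          /* lost in LB mode 3 */
    /* In each BLB pair, BLBx1 = 0 blocks SPM writes to that section and
     * BLBx2 = 0 blocks LPM reads of it from the other section. */
    p.spm_app      = lock & 0x04;  /* BLB01 */
    p.boot_lpm_app = lock & 0x08;  /* BLB02 */
    p.spm_boot     = lock & 0x10;  /* BLB11 */
    p.app_lpm_boot = lock & 0x20;  /* BLB12 */
    return p;
}

int main(void)
{
    struct lock_policy p = decode_lock_byte(0x04); /* value from the post */
    printf("external program/verify : %d/%d\n", p.ext_program, p.ext_verify);
    printf("SPM write app / boot    : %d/%d\n", p.spm_app, p.spm_boot);
    printf("boot LPM reads app      : %d\n", p.boot_lpm_app);
    printf("app LPM reads boot      : %d\n", p.app_lpm_boot);
    return 0;
}
```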