1. RDP2 completely disables the debug interface. The microcontroller doesn't respond to debug requests in this mode.
2. As the third attack requires the microcontroller to have a working debug port, it requires it to be in RDP1. (Which could be accomplished using the second attack.)
Ah, you're correct. I did think it was odd that they were able to make the debugger do anything in RDP2, but I misread it. That attack was indeed performed in RDP1.
1. RDP2 completely disables the debug interface. The microcontroller doesn't respond to debug requests in this mode.
2. As the third attack requires the microcontroller to have a working debug port, it requires it to be in RDP1. (Which could be accomplished using the second attack.)