An integrated circuit (IC) provisioned for asset protection has a primary circuit portion, such as a microprocessor or system-on-chip, that can be selectively disabled and enabled via an operability control input. The IC includes a secure register to store lock state indicia and unlock criteria, where a signal at the operability control input is responsive to the lock state indicia. In operation, a firmware data store receives and stores firmware code that includes a lock/unlock command, and firmware data that includes an unlock key. An authorization module verifies authenticity of the firmware code. A lock/unlock (LUL) module is operative to write lock state indicia to the secure register based on the lock/unlock command only in response to a positive verification of the authenticity of the firmware code by the authorization module, and to write lock state indicia to the secure register.