Protect Immutable bootloader of nRF52 MCUs from Erase

Hello team,
I am currently working on a secure boot prototype for our product using Zephyr RTOS (or possibly nRF Connect SDK). I am considering migrating our project from STM32 MCUs to nRF52, but I have some concerns. With an STM32 MCU, I can lock the first-stage bootloader using write protection, ensuring it is immutable. However, I don't think the nRF52 offers this feature, as it's possible to erase all the Flash memory, including the first-stage bootloader. Could you please confirm if my understanding is correct?
Thank you and best regards,
Wayne.
  • Hi,

    The bootloader for the nRF52 series is made immutable by our fprotect feature, and is protected by our APPROTECT feature. You can read about both of these in this blog.

    Both of these are reset on the eraseall command, and there is no way to stop this for the nRF52 series. However, eraseall will erase your other firmware, and this is enough for most users.

    If you want more than this, the nRF5340 has the feature ERASEPROTECT which can block the eraseall functionality for your chips as well. Be careful with this feature, as mistakes can lock you out of your own chips.

    If you want even more security than for the nRF5340, I suggest that you look at our nRF54 series, which have even more security features. See the nRF54L or nRF54H. If you want to know even more about the nRF54 series, you can contact our sales representatives.

    Regards,
    Sigurd Hellesvik

  • Hi,
    Thank you for your clear, concise explanation and the provided links. I also found that your blogs on security for Nordic MCUs are really helpful too. I'll try to read them all in my next holidays.

    Best regards,
    Wayne.
