
DFU Service with readback protection

Can DFU Service update the SoftDevice, Application, and/or Bootloader if readback protection is set to ALL?

  • Hi Brett,

    Readback protection has nothing to do with DFU, as readback protection only protects the content of flash (code region 0 or all) from being read through the SWD interface. DFU, on the other hand, is the modification of the flash by the CPU (by the code in the bootloader and the MBR).

    If CLENR0 = 0xFFFFFFFF, it's interpreted as CLENR0 size = 0. Everything is Region 1.

    When you set CLENR0 (e.g. enabling protection when flashing the SoftDevice), it's still possible to update the SoftDevice (region 0), because the MBR is located inside region 0 and it's possible to modify code region 0 (but not to change its size).

  • The DFU example included in SDK 10 is indeed affected by the status of the readback protection settings if you have softdevice readback protection enabled. There are several instances where dfu code tries to directly read soft device memory areas.

    Instance 1: (main.c lines ~230 - 250)

    if (dfu_start || (!bootloader_app_is_valid(DFU_BANK_0_REGION_START)))
    {
        //nrf_gpio_pin_clear(UPDATE_IN_PROGRESS_LED);
    
        // Initiate an update of the firmware.
        err_code = bootloader_dfu_start();
        APP_ERROR_CHECK(err_code);
    
        //nrf_gpio_pin_set(UPDATE_IN_PROGRESS_LED);
    }
    
    
    if (bootloader_app_is_valid(DFU_BANK_0_REGION_START) && !bootloader_dfu_sd_in_progress())
    

    DFU_BANK_0_REGION_START is a series of defines and macros that lead to checking a memory location within the soft device. This will cause the device to hard fault if readback protection is enabled.

    I changed this to read NRF_UICR->CLENR0 to get the start address.

    Instance 2: (dfu_init_template.c lines ~117 - 130)

    // Third check: Check the array of supported SoftDevices by this application.
    //              If the installed SoftDevice does not match any SoftDevice in the list then an
    //              error is returned.
    while (i < p_init_packet->softdevice_len)
    {
        if (p_init_packet->softdevice[i]   == DFU_SOFTDEVICE_ANY ||
            p_init_packet->softdevice[i++] == SD_FWID_GET(MBR_SIZE))
        {
            return NRF_SUCCESS;
        }
    }
    
    // No matching SoftDevice found - Return NRF_ERROR_INVALID_DATA.
    return NRF_ERROR_INVALID_DATA;
    

    The macro SD_FWID_GET(MBR_SIZE) attempts to read from data within the softdevice. For lack of a better solution at this time, I have simply commented out this block of code and replaced it with

    return NRF_SUCCESS;
    
  • @Greg Lund: You are correct, if UICR.RBPCONF.PR0 is enabled, meaning readback protection for code region 0 only. The question was about UICR.RBPCONF.PALL, where code region 1 still has read access to region 0.
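
The behaviour described across this thread, written as a host-side C model (an added example, not code from the SDK or from any poster). The type and function names are hypothetical, the RBPCONF bit layout is assumed to be the nRF51 one, and the addresses in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of the two UICR words discussed in the thread. */
typedef struct {
    uint32_t region0_len; /* 0 means everything is code region 1 */
    bool pr0;             /* RBPCONF.PR0: protect code region 0 only */
    bool pall;            /* RBPCONF.PALL: protect all flash */
} uicr_view_t;

/* Assumed nRF51 encoding: PR0 = bits 0..7, PALL = bits 8..15,
 * 0x00 = enabled, 0xFF = disabled (erased). */
uicr_view_t uicr_decode(uint32_t clenr0, uint32_t rbpconf)
{
    uicr_view_t v;
    v.region0_len = (clenr0 == 0xFFFFFFFFu) ? 0u : clenr0;
    v.pr0  = (rbpconf & 0xFFu) == 0x00u;
    v.pall = ((rbpconf >> 8) & 0xFFu) == 0x00u;
    return v;
}

/* Debugger (SWD) read of flash address addr is refused. */
bool swd_read_blocked(uicr_view_t v, uint32_t addr)
{
    return v.pall || (v.pr0 && addr < v.region0_len);
}

/* CPU data read of addr by code executing at pc faults. Per the thread,
 * only PR0 stops region 1 code from reading region 0; PALL does not. */
bool cpu_read_faults(uicr_view_t v, uint32_t pc, uint32_t addr)
{
    return v.pr0 && addr < v.region0_len && pc >= v.region0_len;
}

int main(void)
{
    /* Constructed sample values, not taken from any real device. */
    const uint32_t clenr0 = 0x1B000u, boot_pc = 0x3C000u, sd_addr = 0x3000u;
    const uint32_t cfg[] = { 0xFFFFFFFFu, 0xFFFFFF00u, 0xFFFF00FFu };
    const char *name[]   = { "none", "PR0", "PALL" };
    for (int i = 0; i < 3; i++) {
        uicr_view_t v = uicr_decode(clenr0, cfg[i]);
        printf("%-4s swd_blocked=%d bootloader_read_faults=%d\n", name[i],
               swd_read_blocked(v, sd_addr), cpu_read_faults(v, boot_pc, sd_addr));
    }
    return 0;
}
```

Only the PR0 row reports a faulting bootloader read, which is the case the SDK 10 workarounds above address; with PALL the debugger is locked out while the bootloader's reads of the SoftDevice still succeed.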
