Why to enable APPROTECT for nRF5430 net core

NCS 2.6.0
nRF5340
project /ncs/v2.6.0/nrf/samples/matter/lock

I want to enable APPROTECT on both app core and net core core.
I want to enable it in firmware without UICR.

I could do this by adding CONFIG_NRF_APPROTECT_LOCK=y to my_project/child_image/mcuboot/prj.conf.

This setting is only on the app core side, but why is APPROTECT enabled on the net core side as well?

What are Nordic's recommendations?

nRF-Programmer LOG

INFO Using nrfutil device to communicate with target via JLink
INFO JLink OB firmware version J-Link OB-nRF5340-NordicSemi compiled Jun 25 2024 17:06:45
INFO Device family NRF53_FAMILY
INFO Device version NRF5340_xxAA_ENGD
INFO Board version PCA10095
DEBUG Sending event "programmer: device selected"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
DEBUG Sending event "programmer: running nrfutil device"
INFO Reading readback protection status for Application core
INFO Reading readback protection status for Application core 0%
INFO Reading readback protection status for Application core 100%
INFO Application core protection status 'NRFDL_PROTECTION_STATUS_ALL'
INFO Reading readback protection status for Application core completed
INFO Reading readback protection status for Network core
INFO Reading readback protection status for Network core 0%
INFO Reading readback protection status for Network core 100%
INFO Network core protection status 'NRFDL_PROTECTION_STATUS_NONE' <--------------------- non protect
INFO Reading readback protection status for Network core completed
INFO Skipping reading core Application information as it is protected.
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Loading core information for Network core
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
INFO Loading core information for Network core 0%
INFO Loading core information for Network core 100%
INFO Loading core information for Network core completed
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Reading readback protection status for Application core
INFO Reading readback protection status for Application core 0%
INFO Reading readback protection status for Application core 100%
INFO Application core protection status 'NRFDL_PROTECTION_STATUS_ALL'
INFO Reading readback protection status for Application core completed
INFO Reading readback protection status for Network core
INFO Reading readback protection status for Network core 0%
INFO Reading readback protection status for Network core 100%
INFO Network core protection status 'NRFDL_PROTECTION_STATUS_ALL' <--------------------- change?
INFO Reading readback protection status for Network core completed
INFO Device is loaded and ready for further operation

Parents
  • Hi,

    I could do this by adding CONFIG_NRF_APPROTECT_LOCK=y to my_project/child_image/mcuboot/prj.conf.

    I recomment that you add this config for the network core as well. See Enabling access port protection mechanism for details on this from a firmware perspective (the AP protect mecahnism itself is documented in the product specification of the device).

    This setting is only on the app core side, but why is APPROTECT enabled on the net core side as well?

    I see the same on my end, where debugging is blocked for the network core after writing to APPROTECT.LOCK on the application core. I am checking internally regarding this and will come back to you.

Reply
  • Hi,

    I could do this by adding CONFIG_NRF_APPROTECT_LOCK=y to my_project/child_image/mcuboot/prj.conf.

    I recomment that you add this config for the network core as well. See Enabling access port protection mechanism for details on this from a firmware perspective (the AP protect mecahnism itself is documented in the product specification of the device).

    This setting is only on the app core side, but why is APPROTECT enabled on the net core side as well?

    I see the same on my end, where debugging is blocked for the network core after writing to APPROTECT.LOCK on the application core. I am checking internally regarding this and will come back to you.

Children
Related