Why to enable APPROTECT for nRF5430 net core

NCS 2.6.0
nRF5340
project /ncs/v2.6.0/nrf/samples/matter/lock

I want to enable APPROTECT on both app core and net core core.
I want to enable it in firmware without UICR.

I could do this by adding CONFIG_NRF_APPROTECT_LOCK=y to my_project/child_image/mcuboot/prj.conf.

This setting is only on the app core side, but why is APPROTECT enabled on the net core side as well?

What are Nordic's recommendations?

nRF-Programmer LOG

INFO Using nrfutil device to communicate with target via JLink
INFO JLink OB firmware version J-Link OB-nRF5340-NordicSemi compiled Jun 25 2024 17:06:45
INFO Device family NRF53_FAMILY
INFO Device version NRF5340_xxAA_ENGD
INFO Board version PCA10095
DEBUG Sending event "programmer: device selected"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
DEBUG Sending event "programmer: running nrfutil device"
INFO Reading readback protection status for Application core
INFO Reading readback protection status for Application core 0%
INFO Reading readback protection status for Application core 100%
INFO Application core protection status 'NRFDL_PROTECTION_STATUS_ALL'
INFO Reading readback protection status for Application core completed
INFO Reading readback protection status for Network core
INFO Reading readback protection status for Network core 0%
INFO Reading readback protection status for Network core 100%
INFO Network core protection status 'NRFDL_PROTECTION_STATUS_NONE' <--------------------- non protect
INFO Reading readback protection status for Network core completed
INFO Skipping reading core Application information as it is protected.
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Loading core information for Network core
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
INFO Loading core information for Network core 0%
INFO Loading core information for Network core 100%
INFO Loading core information for Network core completed
INFO Update files regions according to Application core
INFO Parse memory regions for file
INFO Update files regions according to Network core
INFO Parse memory regions for file
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
DEBUG Sending event "programmer: running nrfutil device"
INFO Reading readback protection status for Application core
INFO Reading readback protection status for Application core 0%
INFO Reading readback protection status for Application core 100%
INFO Application core protection status 'NRFDL_PROTECTION_STATUS_ALL'
INFO Reading readback protection status for Application core completed
INFO Reading readback protection status for Network core
INFO Reading readback protection status for Network core 0%
INFO Reading readback protection status for Network core 100%
INFO Network core protection status 'NRFDL_PROTECTION_STATUS_ALL' <--------------------- change?
INFO Reading readback protection status for Network core completed
INFO Device is loaded and ready for further operation

  • Hi,

    SamJenkins2010 said:
    I am trying to enable the DAP protection at a particular stage in the manufacturing/production process.

    I see. I am not sure I undrstand the problem, though. Can you not enable AP protect on the UICR for the netcore before you enable it on the app core? Also, and importantly: note that changes to the UICR only takes effect after a reset, and that includes locking down the debug interface if it was initially open.

    SamJenkins2010 said:
    I have confirmed that nrfjprog does not seem to be able to connect to and read through the NET core after I have protected the APP core.

    Yes. But note that it is possible to do an erase all operation on the application core, which also allow syou to disable AP protect on that core, and after this, the network core would still be accessible if AP protect is not explicitly enabled for the network core. So you must enable protection (or rather not disable it) for each core where you need it.

Related