APPROTECT and verify with nrfjprog

Hi

On the nRF52840-QIAA-R there should be implemented the APPROTECT according to this guide:

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

Informational Notice (IN) - Vulnerability of the nRF52 series.

I implemented now the suggested code on top of main:

void AppProtection(void)
{
#ifdef ENABLE_APPROTECT
	if ((NRF_UICR->APPROTECT & UICR_APPROTECT_PALL_Msk) !=
		(UICR_APPROTECT_PALL_Enabled << UICR_APPROTECT_PALL_Pos)) {
        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Wen;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}

        NRF_UICR->APPROTECT = ((NRF_UICR->APPROTECT & ~((uint32_t)UICR_APPROTECT_PALL_Msk)) |
		    (UICR_APPROTECT_PALL_Enabled << UICR_APPROTECT_PALL_Pos));

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Ren;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}
        NVIC_SystemReset();
   	}
#else
	if ((NRF_UICR->APPROTECT & UICR_APPROTECT_PALL_Msk) !=
		(UICR_APPROTECT_PALL_HwDisabled << UICR_APPROTECT_PALL_Pos)) {

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Wen;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}

        NRF_UICR->APPROTECT = ((NRF_UICR->APPROTECT & ~((uint32_t)UICR_APPROTECT_PALL_Msk)) |
		    (UICR_APPROTECT_PALL_HwDisabled << UICR_APPROTECT_PALL_Pos));

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Ren;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}
        NVIC_SystemReset();
	}
#endif
}

This is working, but the problem is that the verify in production programming is not working anymore. Is there an option to verify the chip before? Because after a program the chip is getting restarted and read out protection is active which makes verify impossible. Is there a solution to verify with nrfjprog or use nrfjprog to program without starting the code on the nRF52?

nrfjprog --program %HEX_FILE% --verify --log

Parents
  • And in the bootloader the debug_port_disable function will be called aswell when the SDK_config NRF_BL_DEBUG_PORT_DISABLE is enabled:

    void nrf_bootloader_debug_port_disable(void)
    {
        if (NRF_UICR->APPROTECT != 0x0)
        {
            nrf_nvmc_write_word((uint32_t)&NRF_UICR->APPROTECT, 0x0);
            NVIC_SystemReset();
        }
    #if (!defined (NRF52810_XXAA) && !defined (NRF52811_XXAA) && !defined (NRF52832_XXAA) && !defined (NRF52832_XXAB))
        if (NRF_UICR->DEBUGCTRL != 0x0)
        {
            nrf_nvmc_write_word((uint32_t)&NRF_UICR->DEBUGCTRL, 0x0);
            NVIC_SystemReset();
        }
    #endif
    }

    So at the end the device is starting in the bootloader and the function above will enbale the APPROTECT. If a device is running without bootloader (only in development), then the function on top of the main will enable the APPROTECT with the function "AppProtection()"

    Is my understanding and the functions in the bootloader and App correct?

    If yes, the only question is how to flash the nRF52840 with nrfjprog and use the verify, or is there an option to ensure a correct download without verify?

  • Hi Dominik,

    Dominik Eugster said:
    Is my understanding and the functions in the bootloader and App correct?

    Yes that's right. https://docs.nordicsemi.com/bundle/nrf5_SDK_v17.1.1/page/lib_secure_boot.html#secure_boot_debug_prod 

    Dominik Eugster said:
    If yes, the only question is how to flash the nRF52840 with nrfjprog and use the verify, or is there an option to ensure a correct download without verify?

    Could you try the following:

    nrfjprog -f NRF52 --recover
    nrfjprog -f NRF52 --eraseall
    nrfjprog -f NRF52 --program file.hex --verify

    -Priyanka

  • Hi Priyanka

    The --eraseall is needed after a recover? 

    I tried but its not working, the MCU starts running and enable APPROTECT before verify is finished:

    **********************************************************************
    "Recover and disable the read back protection"
    **********************************************************************
    Recovering device. This operation might take 30s.
    Erasing user code and UICR flash areas.
    Erasing user available code and UICR flash areas.
    Applying system reset.
    **********************************************************************
    "Reset, Program and Verify the Device"
    **********************************************************************
    [ #################### ]   6.253s | Program file - Done programming
    [error] [  nRF52] - Failed while performing 'Verify' operation on target address 0x00001000.
    -160: Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    [error] [ Client] - Encountered error -160: Command verify_file executed for 1777 milliseconds with result -160
    [error] [  nRF52] - Failed while verifying device. -160: Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    [error] [ Worker] - Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    ERROR: Write verify failed.
    Error occurred, errorlevel: 55
    Error on the burning process with "nrfjprog --reset --program --verify"
    **********************************************************************
    "PROGRAMMING and VERIFY ERROR"
    **********************************************************************
    Drücken Sie eine beliebige Taste . . .
    
    

Reply
  • Hi Priyanka

    The --eraseall is needed after a recover? 

    I tried but its not working, the MCU starts running and enable APPROTECT before verify is finished:

    **********************************************************************
    "Recover and disable the read back protection"
    **********************************************************************
    Recovering device. This operation might take 30s.
    Erasing user code and UICR flash areas.
    Erasing user available code and UICR flash areas.
    Applying system reset.
    **********************************************************************
    "Reset, Program and Verify the Device"
    **********************************************************************
    [ #################### ]   6.253s | Program file - Done programming
    [error] [  nRF52] - Failed while performing 'Verify' operation on target address 0x00001000.
    -160: Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    [error] [ Client] - Encountered error -160: Command verify_file executed for 1777 milliseconds with result -160
    [error] [  nRF52] - Failed while verifying device. -160: Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    [error] [ Worker] - Data does not match in address range [0x00001000 - 0x00026497] (Flash)
    Expected byte value 0x00 but read 0xFB at address 0x0001A468.
    ERROR: Write verify failed.
    Error occurred, errorlevel: 55
    Error on the burning process with "nrfjprog --reset --program --verify"
    **********************************************************************
    "PROGRAMMING and VERIFY ERROR"
    **********************************************************************
    Drücken Sie eine beliebige Taste . . .
    
    

Children
Related