• State Not Answered
  • Replies 3 replies
  • Subscribers 86 subscribers
  • Views 854 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 351213
Options

Locking and Unlocking nRF9160 Without Erasing Firmware

Sparsh Panwar

Dear Nordic Support Team,

I am currently working with the nRF9160 and exploring secure methods to lock and unlock the device without losing the firmware.

At present, I am using the following commands:
To lock the device:  nrfjprog --rbp ALL --family nRF91
To unlock the device: nrfjprog --recover --family nRF91

I would like to know if Nordic provides any alternative mechanism—such as Secure Debug or public key-based readback protection—that allows locking and unlocking the nRF9160 without erasing the firmware.

Could you please advise if:
1. There is a supported method for secure locking/unlocking on nRF9160 that preserves firmware?
2. Any future updates or tools are planned to enable such functionality?
3. There are recommended best practices for implementing secure access control on nRF9160?

Your guidance would be greatly appreciated.

  • 0
    . There is a supported method for secure locking/unlocking on nRF9160 that preserves firmware?

    No, there is currently no supported method on the nRF9160 to unlock the device (i.e., disable readback protection) without erasing the firmware. The standard mechanism for protecting firmware is Access Port Protection (AP-Protect), which, when enabled, blocks debug access to the device. To regain debug access, you must perform a recovery operation (e.g., nrfjprog --recover), which erases all flash memory, including your firmware. This is a deliberate security feature to prevent unauthorized readout of protected firmware. 

    2. Any future updates or tools are planned to enable such functionality?

    I am not sure about this.. For information on future plans/roadmaps, you will need to contact your Regional Sales manager.. If you need the contact details of your RSM, do let me know. 

    3. There are recommended best practices for implementing secure access control on nRF9160?

    Yes, there are a few suggestions (like enabling AP-Protect, erase-all protection etc.)that has been explained in the link below: https://docs.nordicsemi.com/bundle/nrf-cloud/page/GettingStarted.html#device-security 

    Best Regards,

    Swathy

  • 0 in reply to SwRa

    Thanks, Swathy, for your quick response.

    I also had a follow-up question:
    Is there any specific method to permanently block an nRF9160 after flashing it once?
    I’m curious if there’s a way to make the device completely unrecoverable — even if recovery isn’t possible, is there any approach that ensures it can’t be accessed or reprogrammed again?

     

  • 0

    Hi Sparsh,

    Enabling AP-Protect followed by enabling Erase protection would be a way to do this..  If you enable ERASEPROTECT and APPROTECT at the same time and do not have firmware running on the nRF to unlock the ERASEPROTECT or APPROTECT you will no longer be able to reprogram your chip. There is a discussion here that you can refer: (+) How to enable APPPROTECT, SECUREAPPROTECT and ERASEPROTECT on nRF5340? - Nordic Q&A - Nordic DevZone - Nordic DevZone 

    Regards,

    Swathy

Related
Terms of service