• State Verified Answer
  • Replies 12 replies
  • Subscribers 87 subscribers
  • Views 468 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 358830
Options

How to unlock a locked nRF54L10

Август

Hello,

   Our product has reached the final mass production stage, but we need to add a lock function to prevent erasure and access to the programming/debug port.
    
   nRF54L10  ncs3.2.3
   
   I have performed the following operations:

    @Echo Off

nrfutil.exe device recover --traits jlink --x-family nrf54l

nrfutil device x-write --address 0x00FFD060 --value 0x50fa50fa  --x-family nrf54l

nrfutil device x-write --address 0x00FFD07c --value 0x50fa50fa --x-family nrf54l

nrfutil.exe device x-provision-keys --key-file keyfile.json --traits jlink --x-family nrf54l

nrfutil.exe device program --options chip_erase_mode=ERASE_RANGES_TOUCHED_BY_FIRMWARE --traits jlink --x-family nrf54l  --firmware merge.hex

nrfutil.exe device fw-verify --firmware merge.hex

nrfutil.exe device protection-set ALL

nrfutil.exe device reset --reset-kind RESET_PIN


So how can I unlock it through my code? My code has an upgrade function.


  • 0

    Hello,

    If both APPROTECT and ERASEPROTECT are activated simultaneously, the device cannot be recovered unless it already contains compatible firmware that supports the unlock procedure.

    Please refer to the note under the Enabling Device Protection section. If the currently locked device does not already include this firmware path, it cannot be added afterward through normal debug access, as APPROTECT blocks debug access and ERASEPROTECT prevents erase operations.

    To enable recovery, the application firmware must write a chosen non-zero key value to the device’s ERASEPROTECT disable register. At the same time, the debug tool must write the exact same key value to the corresponding register on the debug side. Once both sides have written the same key, the tool can perform an erase (recover) operation to unlock the device.

    Kind Regards,

    Abhijith

  • 0 in reply to Menon

    Hi Abhijith,

    Thank you so much for your detailed explanation.


    Since my firmware supports OTA updates, I plan to upgrade my application firmware first, and have the application firmware write a chosen non-zero key value to the device's ERASEPROTECT disable register.


    However, I'm a bit concerned that APPROTECT will block debug access, which might prevent my debug tool from writing the exact same key value to the corresponding register on the debug side.


    I will give this approach a try and see how it goes.


    Thanks again for your help!


    Best regards,

    Abryct

  • 0

    Hello,

    I understand your confusion, and what you said is correct, debug access is denied when APPROTECT is enabled. However, you can still access the device via CTRL-AP. Please refer to the script I shared in my first response. It is a J-Link script, so you need to use J-Link Commander here, not nrfutil.

    Kind Regards,

    Abhijith

  • 0 in reply to Menon
    Hello Abhijith,
    Thank you so much for your help! This information is really helpful and solved my problem perfectly.
    I have another question: since ERASEPROTECT is enabled, I cannot write to UICR_ERASEPROTECT_PROTECT0 and UICR_ERASEPROTECT_PROTECT1. If we want to write these registers in code, we need to erase the UICR first.
    Do you have any other solutions or methods to write these UICR registers?
    Thank you very much for your support!
    Kind Regards,

    Abryct
Related
Terms of service