• State Not Answered
  • Replies 8 replies
  • Subscribers 73 subscribers
  • Views 7080 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 119537
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to set nrf51 Read Back Protection using OpenOCD?

Jerod

Looking for the OpenOCD equivalent of ""nrfjprog --rbp all"

Looking at the commands for OpenOCD they have a "flash protect" command, but it doesn't appear that's quite the same thing (requests regions of flash).

Any assistance for a OpenOCD newbie would be appreciated!

Parents
  • 0

    Hi Jerod,

    Simply write 0xFFFF00FF to UICR->RBCONF register which resides on address 0x100010004. To be precise you should read it out and mask with that value (to preserve PR0 register part on the least significant byte of the register in case it is used). Also make sure what endian OpenOCD use to code raw 32-bit hexadecimal values when writing to the memory. In the end reset the target and memory should be protected.

    Btw. you can easily do this from within the FW code to be sure that you don't forget this in production and also note that nRF51 has major security hole in read-back protection and debugging interface so doing RBALL is rather cosmetic thing which saves you against people who cannot use Google search.

    Cheers Jan

    Edit 10-Feb-2017

    Here is HEX file which writes RBALL to UICR->RBCONF on any nRF51 variant. It can be flashed by any tool including OpenOCD. Can be stripped down to single register write (with little bit of work with GCC tools or similar) but normally it isn't needed.

    Cheers Jan

    nrf51822_UICR_lock.hex

Reply
  • 0

    Hi Jerod,

    Simply write 0xFFFF00FF to UICR->RBCONF register which resides on address 0x100010004. To be precise you should read it out and mask with that value (to preserve PR0 register part on the least significant byte of the register in case it is used). Also make sure what endian OpenOCD use to code raw 32-bit hexadecimal values when writing to the memory. In the end reset the target and memory should be protected.

    Btw. you can easily do this from within the FW code to be sure that you don't forget this in production and also note that nRF51 has major security hole in read-back protection and debugging interface so doing RBALL is rather cosmetic thing which saves you against people who cannot use Google search.

    Cheers Jan

    Edit 10-Feb-2017

    Here is HEX file which writes RBALL to UICR->RBCONF on any nRF51 variant. It can be flashed by any tool including OpenOCD. Can be stripped down to single register write (with little bit of work with GCC tools or similar) but normally it isn't needed.

    Cheers Jan

    nrf51822_UICR_lock.hex

Children
  • 0 in reply to endnode

    Thanks. I was unaware of the security hole! I was trying to learn a little more about OpenOCD and nrf support to see how the two work together -- as the majority of guides seem to stick to the basic, wipe, program, reset capabilities.

  • 0 in reply to endnode

    Cool. Are you able to use single word write in OpenOCD and verify that it works? Could you then close the case or give me a feedback what's missing? Thx

  • 0 in reply to endnode

    Technically, the question hasn't been answered; still looking for the way to do this in OpenOCD. I will hunt down the proper command(s) and post here before closing.

  • 0 in reply to endnode

    I'm adding HEX file to my answer which should solve your problem. I suppose you can flash HEX with OpenODC (e.g. by using "-i" option in "flash_nrf51822.py").

  • 0 in reply to endnode

    Still not able to get us to a state of read back protected files.

    Using OpenOCD, one cannot write your hex file after SoftDevice and Program are written.

    Here is the command and output:

    D:\OpenOCD\bin>openocd.exe -f ../scripts/interface/stlink-v2.cfg -f "C:\Program Files\GNU ARM Eclipse\OpenOCD\0.10.0-201701241841\scripts\target\nrf51.cfg" -s ..\share\openocd\scripts -c "init" -c "halt" -c "nrf51 mass_erase 0" -c "program sd.hex verify" -c "program myprogram.hex verify" -c "program nrf51822_UICR_lock.hex verify" -c "reset" -c "exit"

    Open On-Chip Debugger 0.9.0 (2016-09-01) [https://github.com/sysprogs/openocd]

    Licensed under GNU GPL v2

    For bug reports, read

    openocd.org/.../bugs.html

    Info : auto-selecting first available session transport "hla_swd". To override use 'transport select '.

    Info : The selected transport took over low-level target control. The results might differ compared to plain JTAG/SWD

    adapter speed: 1000 kHz

    Info : Unable to match requested speed 1000 kHz, using 950 kHz

    Info : Unable to match requested speed 1000 kHz, using 950 kHz

    Info : clock speed 950 kHz

    Info : STLINK v2 JTAG v23 API v2 SWIM v4 VID 0x0483 PID 0x3748

    Info : using stlink api v2

    Info : Target voltage: 3.172668

    Info : nrf51.cpu: hardware has 4 breakpoints, 2 watchpoints

    Info : nRF51822-QFAA(build code: E0) 256kB Flash

    nrf51.cpu: target state: halted

    target halted due to debug-request, current mode: Thread xPSR: 0xc1000000 pc: 0xfffffffe msp: 0xfffffffc

    ** Programming Started **

    auto erase enabled

    Info : Padding image section 0 with 2112 bytes

    Warn : using fast async flash loader. This is currently supported

    Warn : only with ST-Link and CMSIS-DAP. If you have issues, add

    Warn : "set WORKAREASIZE 0" before sourcing nrf51.cfg to disable it

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000001e msp: 0xfffffffc

    wrote 93184 bytes from file sd.hex in 4.006389s (22.714 KiB/s)

    ** Programming Finished **

    ** Verify Started **

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000002e msp: 0xfffffffc

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000002e msp: 0xfffffffc

    verified 90328 bytes in 0.636024s (138.691 KiB/s)

    ** Verified OK **

    nrf51.cpu: target state: halted

    target halted due to debug-request, current mode: Thread

    xPSR: 0xc1000000 pc: 0x000006d0 msp: 0x000007c0

    ** Programming Started **

    auto erase enabled

    Warn : using fast async flash loader. This is currently supported

    Warn : only with ST-Link and CMSIS-DAP. If you have issues, add

    Warn : "set WORKAREASIZE 0" before sourcing nrf51.cfg to disable it

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000001e msp: 0x000007c0

    Warn : Adding extra erase range, 00000000 to 0x00000013

    Warn : using fast async flash loader. This is currently supported

    Warn : only with ST-Link and CMSIS-DAP. If you have issues, add

    Warn : "set WORKAREASIZE 0" before sourcing nrf51.cfg to disable it

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000001e msp: 0x000007c0

    wrote 14572 bytes from file myprogram.hex in 0.822974s (17.292 KiB/s)

    ** Programming Finished **

    ** Verify Started **

    nrf51.cpu: target state: halted

    target halted due to breakpoint, current mode: Thread

    xPSR: 0x61000000 pc: 0x2000002e msp: 0x000007c0

    verified 14252 bytes in 0.143640s (96.895 KiB/s)

    ** Verified OK **

    nrf51.cpu: target state: halted

    target halted due to debug-request, current mode: Thread

    xPSR: 0xc1000000 pc: 0x000006d0 msp: 0x000007c0

    ** Programming Started **

    auto erase enabled

    Error: The chip was not pre-programmed with SoftDevice stack and UICR cannot be erased separately. Please issue mass erase before trying to write to this region

    Error: failed erasing sectors 0 to 0

    embedded:startup.tcl:454: Error: ** Programming Failed **

    in procedure 'program'

    in procedure 'program_error' called at file "embedded:startup.tcl", line 510

    at file "embedded:startup.tcl", line 454

Related
Terms of service