RE: BPROT Protecting Bootloader nRF52832

superpak — Mon, 25 Sep 2017 17:37:34 GMT

Thank you very much for the clear answer, Sigurd!

RE: BPROT Protecting Bootloader nRF52832

Sigurd — Mon, 25 Sep 2017 16:22:22 GMT

Hi,

Yes, you can use the BPROT peripheral to prevent application code from erasing or writing to protected blocks. Any attempt to erase or write to a protected flash page will trigger a hardfault. Typically, you would want to enable the protection right at the start of your code, before you do anything else.

A BPROT-block represents 1 flashpage(4kB), so on the nRF52832 that have 512 kB flash, we have 512/4 = 128 BPROT-blocks. The non-debug secure-bootloader in SDK 14.0 is by-default located from 0x78000 to 0x7E000. This corresponds to BPROT block/region 120 to 126. (The debug-project uses page 115 to 124).

You can enable BPROT on these regions like this:

NRF_BPROT->CONFIG3 = (BPROT_CONFIG3_REGION120_Enabled << BPROT_CONFIG3_REGION120_Pos) |
                     (BPROT_CONFIG3_REGION121_Enabled << BPROT_CONFIG3_REGION121_Pos) |
                     (BPROT_CONFIG3_REGION122_Enabled << BPROT_CONFIG3_REGION122_Pos) |
                     (BPROT_CONFIG3_REGION123_Enabled << BPROT_CONFIG3_REGION123_Pos) |
                     (BPROT_CONFIG3_REGION124_Enabled << BPROT_CONFIG3_REGION124_Pos) |
                     (BPROT_CONFIG3_REGION125_Enabled << BPROT_CONFIG3_REGION125_Pos) |
                     (BPROT_CONFIG3_REGION126_Enabled << BPROT_CONFIG3_REGION126_Pos);