Hello All
I'm trying to lock debugging/reading capability in my code. My system consists of a bootloader and an application beside the Softdevice and MBR.
What is already done is to check and change APPROTECT as the first thing in the main function
if (NRF_UICR->APPROTECT != 0x0)
{
//NRF_LOG_DEBUG("Disable debugging interface -> Reset\r\n");
NRF_NVMC->CONFIG = 0x1;
NRF_UICR->APPROTECT = 0x0;
NRF_NVMC->CONFIG = 0x0;
NVIC_SystemReset();
}
else
{
//NRF_LOG_DEBUG("You should not see this msg (debug is off!)\n");
}
My question is: as my application code and even the bootloader code is not the first thing to run on the chip (at least the MBR branching step to application,Startup codes .. etc)
How to guarantee that attackers - for the first run of the code after a fresh firmware upgrade -> erase all - can't halt the device before reaching the lock step, making them capable to read flash content?
