This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How does the nRF52840 Access Control List (ACL) work exactly?

Hi,

In a project I am working on with the nRF52840 I will need the ACL to protect a private key in the flash memory. With help from another post here I put together the following code:

#define PROTECTED_REGION_START *(uint32_t *) (START_ADDRESS)
#define PROTECTED_REGION_LENGHT 0x00001000

NRF_ACL->ACL[n].ADDR = PROTECTED_REGION_START;
NRF_ACL->ACL[n].PERM = ACL_ACL_PERM_READ_Disable;
NRF_ACL->ACL[n].SIZE = PROTECTED_REGION_LENGHT;

Now what does this mean exactly? Does it mean that the region ACL[0] can read the protected memory range and all other ACL regions can not?
Or am I getting something wrong here?

Thank you and best regards

Thomas

Top Replies

haakonsh over 6 years ago in reply to Thomas Peter +1 verified

Jupp. The CPU is completely blocked from reading or executing code from that region without exceptions, until the system resets and the ACL is cleared. Also note that you can only write to the ACL registers…

Parents

0 Thomas Peter over 6 years ago

Of course I meant this code, with a '0', not an 'n' in ACL[...]:

#define PROTECTED_REGION_START *(uint32_t *) (START_ADDRESS)
#define PROTECTED_REGION_LENGHT 0x0000????

NRF_ACL->ACL[0].ADDR = PROTECTED_REGION_START;
NRF_ACL->ACL[0].PERM = ACL_ACL_PERM_READ_Disable;
NRF_ACL->ACL[0].SIZE = PROTECTED_REGION_LENGHT;
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 haakonsh over 6 years ago in reply to Thomas Peter

By blocking read access you will prevent the CPU from being able to read from that region of flash. Once set you will have to reset the device in order to read that region again.

The most common use-case is to protect a cryptographic key from being read by an application. The scenario is that a secure bootloader uses this key during boot to verify a FW image and then enables the ACL read protection to prevent the application from reading this key, or alternatively executing instructions inside the ACL protected area.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 haakonsh over 6 years ago in reply to Thomas Peter

By blocking read access you will prevent the CPU from being able to read from that region of flash. Once set you will have to reset the device in order to read that region again.

The most common use-case is to protect a cryptographic key from being read by an application. The scenario is that a secure bootloader uses this key during boot to verify a FW image and then enables the ACL read protection to prevent the application from reading this key, or alternatively executing instructions inside the ACL protected area.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Thomas Peter over 6 years ago in reply to haakonsh

Thanks.

So after a flash region is protected, no application code, no matter where in the flash it is located, can read the protected flash region?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 haakonsh over 6 years ago in reply to Thomas Peter

Jupp. The CPU is completely blocked from reading or executing code from that region without exceptions, until the system resets and the ACL is cleared. Also note that you can only write to the ACL registers once, you will have to reset the system in order to re-write an ACL register.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Nikos Karamolegkos over 4 years ago in reply to haakonsh

Hello haakonsh, nice details. Therefore, the difference with the APPROTECT register which protects the entire flash from reading is that the ACL blocks the access to CPU and not only to an external debugger? If yes, how the device can be compromised from the CPU if using only the APPROTECT register. Sorry for my unawareness am not a security expert.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel