https://devzone.nordicsemi.com/f/nordic-q-a/39736/how-does-the-nrf52840-access-control-list-acl-work-exactlyHi, In a project I am working on with the nRF52840 I will need the ACL to protect a private key in the flash memory. With help from another post here I put together the following code: #define PROTECTED_REGION_START *(uint32_t *) (START_ADDRESS) #defineen-USTelligent Community 13Mon, 14 Dec 2020 09:10:58 GMThttps://devzone.nordicsemi.com/thread/284710?ContentTypeID=1Mon, 14 Dec 2020 09:10:58 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ffad2cc3-515e-4e0c-a5dc-71971500c53aNikos Karamolegkos<p>Hello <a href="https://devzone.nordicsemi.com/members/haakonsh">haakonsh</a>, nice details. Therefore, the difference with the APPROTECT register which protects the entire flash from reading is that the ACL blocks the access to CPU and not only to an external debugger? If yes, how the device can be compromised from the CPU if using only the APPROTECT register. Sorry for my unawareness am not a security expert.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/154275?ContentTypeID=1Wed, 24 Oct 2018 11:45:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:cd9bc9df-ec6d-4646-9b47-cd16befb1b66haakonsh<p>Jupp. The CPU is completely blocked from reading or executing code from that region without exceptions, until the system resets and the ACL is cleared. Also note that you can only write to the ACL registers once, you will have to reset the system in order to re-write&nbsp;an ACL register.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/154238?ContentTypeID=1Wed, 24 Oct 2018 09:44:51 GMT137ad170-7792-4731-bb38-c0d22fbe4515:790c11cb-2f98-4032-b260-f95b51dcb220Thomas Peter<p>Thanks.</p> <p>So after a flash region is protected, no application code, no matter where in the flash it is located, can read the protected flash region?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/154229?ContentTypeID=1Wed, 24 Oct 2018 09:05:54 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b63b1a76-6015-4c23-b001-25245ddbfa76haakonsh<p>By blocking read access you will prevent the CPU from being able to read from that region of flash. Once set you will have to reset the device in order to read that region again.&nbsp;<br /><br />The most common use-case is to protect a cryptographic key from being read by an application. The scenario is that a secure bootloader uses this key during boot to verify a FW image and then enables the ACL read protection to prevent the application from reading this key, or alternatively executing instructions inside the ACL protected area.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/154038?ContentTypeID=1Tue, 23 Oct 2018 10:05:34 GMT137ad170-7792-4731-bb38-c0d22fbe4515:05434423-b2ad-44e4-94f8-2e37deebe67eThomas Peter<p>Of course I meant this code, with a &#39;0&#39;, not an &#39;n&#39; in ACL[...]:</p> <p>#define PROTECTED_REGION_START *(uint32_t *) (START_ADDRESS)<br />#define PROTECTED_REGION_LENGHT 0x0000????</p> <p>NRF_ACL-&gt;ACL[0].ADDR = PROTECTED_REGION_START;<br />NRF_ACL-&gt;ACL[0].PERM = ACL_ACL_PERM_READ_Disable;<br />NRF_ACL-&gt;ACL[0].SIZE = PROTECTED_REGION_LENGHT;</p><div style="clear:both;"></div>