Dear all,
I've been struggling with SECUREAPPROTECT register in UICR Flash area on a nRF9160 DK.
I would like to restrict and protect Secure code loaded in Secure mapped memory. Thus I defined Secured regions with SPU (0x0 to 0x40000 is Sec), load secure code, enable SECUREAPPROTECT and it works. However, once this flag is set, I can't no longer load or update code in Non Secure mapped memory. The only thing I can do is to connect to JLink (from SES), attach to debbuger and debug any non secure code that had been loaded before setting the flag.
If I try to launch Debug for non sec project from SES I get this error :
Preparing target for download
Executing script TargetInterface.resetAndStop()
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: Core did not halt after reset, trying to disable WDT.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: CPU did not halt after reset.
Reset: Using fallback: Reset pin.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via reset pin
Reset: VC_CORERESET did not halt CPU. (Debug logic also reset by reset pin?).
Reset: Reconnecting and manually halting CPU.
Found SW-DP with ID 0x6BA02477
AP map detection skipped. Manually configured AP map found.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Core found
AP[0]: AHB-AP ROM base: 0xE00FF000
CPUID register: 0x410FD212. Implementer code: 0x41 (ARM)
Found Cortex-M33 r0p2, Little endian.
Downloading ‘zephyr.elf’ to J-Link
Programming 10.4 KB of addresses 00040000 — 000429bf
Programming 0.1 KB of addresses 000429c0 — 00042a2b
Failed to prepare for programming.
Could not preserve target memory.
If I attach to JLink and try "target/Download File" :
Connecting ‘J-Link’ using ‘USB’
Connecting to target using SWD
Loaded C:/Tools/arm_segger_embedded_studio_v414_win_x64_nordic/bin/JLink_x64.dll
Firmware Version: J-Link OB-K22-NordicSemi compiled Nov 20 2018 16:26:48
DLL Version: 6.40a
Hardware Version: V1.00
Target Voltage: 3.300
Device "NRF9160" selected.
Found SW-DP with ID 0x6BA02477
Scanning AP map to find all available APs
AP[2]: Stopped AP scan as end of AP map seems to be reached
AP[0]: AHB-AP (IDR: 0x84770001)
AP[1]: AHB-AP (IDR: 0x24770011)
Iterating through AP map to find AHB-AP to use
AP[0]: Core found
AP[0]: AHB-AP ROM base: 0xE00FF000
CPUID register: 0x410FD212. Implementer code: 0x41 (ARM)
Found Cortex-M33 r0p2, Little endian.
FPUnit: 8 code (BP) slots and 0 literal slots
Security extension: implemented
Secure debug: disabled
CoreSight components:
ROMTbl[0] @ E00FF000
ROMTbl[0][0]: E000E000, CID: B105900D, PID: 000BBD21 Cortex-M33
ROMTbl[0][1]: E0001000, CID: B105900D, PID: 000BBD21 DWT
ROMTbl[0][2]: E0002000, CID: B105900D, PID: 000BBD21 FPB
ROMTbl[0][3]: E0000000, CID: B105900D, PID: 000BBD21 ITM
ROMTbl[0][5]: E0041000, CID: B105900D, PID: 002BBD21 ETM
ROMTbl[0][6]: E0042000, CID: B105900D, PID: 000BBD21 CTI
Preparing target for download
Executing script TargetInterface.resetAndStop()
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: Core did not halt after reset, trying to disable WDT.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: CPU did not halt after reset.
Reset: Using fallback: Reset pin.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via reset pin
Reset: VC_CORERESET did not halt CPU. (Debug logic also reset by reset pin?).
Reset: Reconnecting and manually halting CPU.
Found SW-DP with ID 0x6BA02477
AP map detection skipped. Manually configured AP map found.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Core found
AP[0]: AHB-AP ROM base: 0xE00FF000
CPUID register: 0x410FD212. Implementer code: 0x41 (ARM)
Found Cortex-M33 r0p2, Little endian.
Downloading ‘zephyr.hex’ to J-Link
Programming 10.5 KB of addresses 00040000 — 00042a2b
Failed to download RAMCode.
Failed to prepare for programming.
Failed to download RAMCode!
Preparing target for download
Executing script TargetInterface.resetAndStop()
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: Core did not halt after reset, trying to disable WDT.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via AIRCR.SYSRESETREQ.
Reset: CPU did not halt after reset.
Reset: Using fallback: Reset pin.
Reset: Halt core after reset via DEMCR.VC_CORERESET.
Reset: Reset device via reset pin
Reset: VC_CORERESET did not halt CPU. (Debug logic also reset by reset pin?).
Reset: Reconnecting and manually halting CPU.
Found SW-DP with ID 0x6BA02477
AP map detection skipped. Manually configured AP map found.
AP[0]: AHB-AP (IDR: Not set)
AP[0]: Core found
AP[0]: AHB-AP ROM base: 0xE00FF000
CPUID register: 0x410FD212. Implementer code: 0x41 (ARM)
Found Cortex-M33 r0p2, Little endian.
Downloading ‘zephyr.bin’ to J-Link
Programming 10.5 KB of data addresses 00040000 — 00042a2b
Failed to prepare for programming.
Could not preserve target memory.
And last but not least If I try to flash using nRFJprog :
$ nrfjprog.exe --program zephyr_nonnsec.hex
Parsing hex file.
Reading flash area to program to guarantee it is erased.
ERROR: The operation attempted is unavailable due to readback protection in
ERROR: your device. Please use --recover to unlock the device.
I even tried to use nRF Connect Programmer tool, but when I pick the device, it endlessly tries to do something on the board, but never enables Read, Write and ERASE buttons.
By the way I can recover from that state using --recover flag with nrfjrpog tool.
The question is the following : Is that possible with nRF9160 to load and lock the Secure part, give the board to another dev team that will load and lock the non secure part without having the possibility to dump or debug secure part ?
Spare info :
- SES v4.14
- nrfjprog v9.8.1
- board nRF9160-DK PCA10090 v0.8.2
