[nRF51822] How to merge software device and application code to one hex file

There is a tool called mergehex in the C:\Program Files (x86)\Nordic Semiconductor\nrf51\bin folder that can do this. Its syntax can be seen in its built-in help-function:

C:\Program Files (x86)\Nordic Semiconductor\nrf51\bin>mergehex --help

Usage:
-------------------------------------------------------------------------------

 -h  --help                  Prints this help.

 -q  --quiet                 Reduces the stdout text info. Must be combined
                             with another command.

 -v  --version               Prints the version of this utility.

 -m  --merge <hex_file_1> <hex_file_2>  Hex files to be merged.

 -o  --output <hex_file>                Hex file result of the merge.

-------------------------------------------------------------------------------

This small application is used to merge two hex files.
Example use: mergehex.hex -m hex_file_1.hex hex_file_2.hex -o output_file.hex

But how do you make sure the softdevice code is protected for the application? if you merge the softdevice with application code then the application can read softdevice ram data, right?

I assume it is not possible to place the combined hex in application space because the peripherals will be blocked for the softdevice as well. And placing the application code in region 0 will generate some really bad security issues. It is now possible for the application code to read/write the softdevice ram etc.

So why would nordic approve this?

We are busy with our own softdevice, but reading this makes me a bit concerned about the purpose of code region protection when the application can be merged with softdevice.

But how do you make sure the softdevice code is protected for the application? if you merge the softdevice with application code then the application can read softdevice ram data, right?

I assume it is not possible to place the combined hex in application space because the peripherals will be blocked for the softdevice as well. And placing the application code in region 0 will generate some really bad security issues. It is now possible for the application code to read/write the softdevice ram etc.

So why would nordic approve this?

We are busy with our own softdevice, but reading this makes me a bit concerned about the purpose of code region protection when the application can be merged with softdevice.

How you flash the softdevice and application doesn't affect the run-time protection in any way, so I'm not quite sure I understand what you mean.

All the RAM protection is set up at run-time, so even if the softdevice and application were programmed combined, this will still work as it's supposed to.

Beware that the mergehex doesn't do any magic, the application is still located in code region 1 and the softdevice in code region 0, it just combines the hex files. Everything that mergehex does can be easily done with Python and IntelHex if you want to. Let me know if anything is still unclear.

Ah ok, i thought the new hex file could only be placed in 1 region.