How to fuse nRF9160 debug port?

Hi,

How do we fuse the debug port on nRF9160? The purpose is to block all access and the ability to erase all from outside. 

This is my understanding:

From debugger as last step in factory:

Set UICR APPROTECT=0 to disable DAP access (non-volatile setting)

Set UICR ERASEPROTECT=0 to disable erase all through CTRL-AP (non-volatile setting)

At each device boot as early as possible:

Set ERASEPROTECT.DISABLE=0 to disable the possibility to enable erase all again

Set ERASEPROTECT.LOCK=1 to disable the possibility to write ERASEPROTECT.DISABLE (strictly not necessary, but a safeguard?)

Is my understanding correct?

 

A related question:

Thingy91 has a nRF52xx SoC. Is it possible to fuse its debug port in the same way?

BR / Björn

  • Hi, the APPROTECT and ERASEPROTECT in UICR alone will block all access and the possibility to erase all from outside. If there is no predefined mechanism in the FW which can write a non-zero value to the ERASEPROTECT.DISABLE register, it will be impossible to access the chip again.

    The ERASEPROTECT.DISABLE is set to 0 by default so it's not necessary to write to this register at startup. But it wouldn't hurt to set this to 0 again, if you want to be 100% sure.

    The LOCK register prevents anything in the FW from writing to the DISABLE register, so that is more important IMO. In case of code injection of some sort, even though that would be very theoretical.

  • Thanks for your response Stian,

    I agree, considering code injection the LOCK register is important!

    Can you confirm that it is possible to fuse the nRF52840 debug port in the same way?

    BR / Björn
