How to fuse nRF9160 debug port?

Question

Hi, 
 How do we fuse the debug port on nRF9160? The purpose is to block all access and the ability to erase all from outside. 
 
 This is my understanding: 
 
 From debugger as last step in factory: 
 Set UICR APPROTECT=0 to disable DAP access (non-volatile setting) 
 Set UICR ERASEPROTECT=0 to disable erase all through CTRL-AP ( non-volatile setting) 
 
 At each device boot as early as possible: 
 Set ERASEPROTECT.DISABLE=0 to disable possibilty to enable erase all again 
 Set ERASEPROTECT.LOCK=1 to disable possibilty to write ERASEPROTECT.DISABLE (strictly not necessary, but a safe guard?) 
 
 Is my understanding correct? 
 
 A related question: 
 Thingy91 has a nRF52xx SoC. Is it possible to fuse its debug port in the same way? 
 
 BR / Björn

Stian Røed Hafskjold · Accepted Answer

Hi, the APPROTECT and ERASEPROTECT in UICR alone will block all access and the possibility to erase all from outside. If there is no predefined mechanism in the FW which can write a non-zero value to the ERASEPROTECT.DISABLE register, it will be impossible to access the chip again. 
 The ERASEPROTECT.DISABLE is set to 0 by default so it's not necessary to write to this register at startup. But it wouldn't hurt to set this to 0 again, if you want to be 100% sure. 
 The LOCK register prevents anything in the FW to write to the DISABLE register, so that is more important IMO. In case of code injection of some sort, even though that would be very theoretical.

Stian Røed Hafskjold · Answer

The nRF52840 does not have the ERASEPROTECT register. So while you can have full read back protection, and make it impossible to alter the FW in some way through the SWD port; there will always be a possibility to do a full erase of the chip, and then flash another firmware.

How to fuse nRF9160 debug port?

Top Replies