Protect application data

Hi,

You do not necessarily need to use a flash region exclusively for this data, so it would probably be enough to reserve a flash page. A flash page is 4 kB, so while it is more than you need, it is far from 32 kB.

Is it written once during production? Then perhaps you could make it as simple as a static array that is all FF's in code so that you can just overwrite those addresses using a debugger after writing the firmware. In that case, it could reside anywhere in your code space without needing special attention what so ever.

We had saved this data on a specific address that even when doing FOTA this remains intact. However, we want to make sure that it will be protected. I was hoping similar to Access control lists or can be any that nRF9160 offers.

Yes, it is written once during production. We cannot use the static array that you have suggested.

Hi,

MIchael said:

We cannot use the static array that you have suggested.

Why not?

Based on the considerations you have described, the best way I can think of to get reasonable protection of the data without using a full flash region is to put this as an array within the SPM. This way, assuming it does not make the SPM grow across a 32 kB flash region, you don't have to use a separate additional 32 kB flash region (protected by flash access control), since it is within the region of SPM. Then you can just write different data to the application data array for each device during production. But there are many considerations here, and I do not know enough to say if other options could be better in your specific use case.