https://devzone.nordicsemi.com/f/nordic-q-a/63136/mitigation-for-appprotect-attackHi, I’m looking at starting a new design that would be based on the nrf52840, however it seems that the flash readout protection is now fairly broken on this device. Are there any mitigation strategies planned or proposed ? Otherwise I may need to looken-USTelligent Community 13Tue, 04 Feb 2025 13:50:37 GMThttps://devzone.nordicsemi.com/thread/521323?ContentTypeID=1Tue, 04 Feb 2025 13:50:37 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f8bbdaa9-5528-4ac0-a973-8f7292744f68Vincent Bela&#239;che<p>Thank you for your reply, it is crystal clear.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/521319?ContentTypeID=1Tue, 04 Feb 2025 13:44:35 GMT137ad170-7792-4731-bb38-c0d22fbe4515:64866cac-502a-4224-a85f-d97151da4a25J&#248;rgen Holmefjord[quote] but if the bootloader is based on SDK 15.x.x, the SystemInit of the bootloader will not call&nbsp;nrf52_handle_approtect(), it will be called only when the&nbsp;SystemInit of the App is called, but then you have had some sort of SoftReset when the bootloader starts the App, so you are not directly after a hard reset. Does it matter ?[/quote] <p>Correct, the full protection will not be enabled until the application code runs, meaning that the bootloader is not protected.</p> [quote]One more question : does it mean that during the execution of the bootloader the attack mitigation is not done,so there is still some time gap in which the attack would be possible (said otherwise upgrading the bootloader to SDK 17.1.0 would be advisable).[/quote] <p>Yes, upgrading the bootloader to SDK17.1.0 or the required MDK version is definitely advisable.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/508318?ContentTypeID=1Tue, 29 Oct 2024 10:06:03 GMT137ad170-7792-4731-bb38-c0d22fbe4515:85ac6d10-55fe-4614-b1f1-4cffac709ef7Vincent Bela&#239;che<p>Dear <a href="https://devzone.nordicsemi.com/members/joh2">Jørgen Holmefjord</a>&nbsp;,</p> <p>I have a similar question concerning the AppProtect attack mitigation as described by&nbsp;<a href="https://docs.nordicsemi.com/bundle/IN/resource/in_141_v1.1.pdf">In 141 v1.1</a>. If I use SDK 17.1.0 for the Application but the booloader is not upgraded and is still based on SDK 15.x.x, will my product benefit from the mitigation. The international notice says &laquo; 4. Perform a hard reset to protect the device. The programmed code from step 2 will write APPROTECT.FORCEPROTECT to Force (0x00). &raquo;, but if the bootloader is based on SDK 15.x.x, the SystemInit of the bootloader will not call&nbsp;nrf52_handle_approtect(), it will be called only when the&nbsp;SystemInit of the App is called, but then you have had some sort of SoftReset when the bootloader starts the App, so you are not directly after a hard reset. Does it matter ?</p> <p>One more question : does it mean that during the execution of the bootloader the attack mitigation is not done,so there is still some time gap in which the attack would be possible (said otherwise upgrading the bootloader to SDK 17.1.0 would be advisable).</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/257409?ContentTypeID=1Mon, 29 Jun 2020 13:26:56 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8d50ec09-0c15-4983-87f7-1826ae40dbedJ&#248;rgen Holmefjord<p>Hi,</p> <p>The available information can be found in&nbsp;<a title="IN133 Informational Notice v1.0" href="https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf?cp=4_0_2_0">IN133 Informational Notice v1.0</a>. For questions about roadmaps and future plans, please contact your regional sales manager.</p> <p>If you do not have the contact details, please send me a private message with your location and I will provide you with the information.</p> <p>Best regards,<br />Jørgen</p><div style="clear:both;"></div>