nrf5340 Hardware Security Features (Fuses and Bus Protections)

Question

When evulating the nrf5340 for one of our projects, two questions came up regarding some of the security features used to mitigate tampering and malicious code: 
 
 What is the state of the debug port on reset? Is there a window of time before the APPROTECT fuse is used by the hardware to disable the port and reset were the port might be accessible? 
 For the DCNF that blocks the network core from reaching the app domain, are those registers only accessible from the network domain? Is there a way for the app core to block traffic from the network domain?

Einar Thorsrud · Accepted Answer

Hi, 
 The new APPROTECT scheme is a bit complicated, so I understand the confusion. 
 mrrosen said: For the APPROTECT, doesnt APPROTECT need to be disabled in order to flash the chip? 
 Yes. 
 mrrosen said: If so, if its enabled by default, without doing a ERASEALL, how can you program the device (isnt the AHB-AP access needed to write to the flash)? 
 You cannot program an empty device without first doing an ERASEALL. 
 mrrosen said: Also, while the ERASEALL enables the AHB-AP, once the device loses power or preforms a hard reset, the APPROTECT would be 0xFFFFFFFF, thus disabling AHB-AP and making the chip unflashable, correct? 
 Yes that is correct, unless you have written to UICR and flashed firmware that unlocks debugging. 
 mrrosen said: And even if APPROTECT isnt in a state disabling the AHB-AP, if firmware is also required to enable the AHB-AP, wouldnt the chip be unflashable still? 
 Yes, that is correct if you do a power cycle, reset or detach and reattach the debugger before attempting to program. A key here is that the normal condition for disabling APPROTECT (disabled in both UICR and CTRL-AP.APPROTECT.DISABLE) does not apply after an ERASEALL. When the IC is in a state where ERASEALL has occurred and there has been no reset and the debug session is active, you can program it. 
 The result of this is that in order to flash a device you must issue an ERASEALL, and then at the same time program the firmware. If you want to be able to subsequently debug, the you must enable APPROTECT in UICR while programing, and flash a piece of firmware that enables debugging by writing to CTRL-AP.APPROTECT.DISABLE. (For instance using nrfjprog, this is how it is doen behind the scenes when you call nrfjprog with the --recover option with a nRF5340 Engineering D or Rev 1 SoC.)

nrf5340 Hardware Security Features (Fuses and Bus Protections)

Top Replies