
Removing JTAG Connector from PCB

Hi,

I am exploring the idea of removing the JTAG port from the PCB to make it difficult to maliciously change the firmware on the field. I have the secure UART Boot-loader already working. I wanted to make sure I am not missing anything in the hardware and firmware that will render the product useless, should something happen to the Application firmware. I currently have:

  1. Physical reset switch on the PCB - Will this be enough to boot into bootloader, like what we do with the 52840-Dongle?
  2. Firmware with App, Bootloader and MBR. Please note that my app doesn't have a SoftDevice.
  3. Exposed UART pins to do secure DFU on the field, should something happen to the App.

Apart from these three, am I missing anything that can un-brick the 52840 on the field without the JTAG pins?

  • Hi,

    > Physical reset switch on the PCB - Will this be enough to boot into bootloader, like what we do with the 52840-Dongle?

    I assume you mean pin reset? If so: yes, as long as you have configured your bootloader to enter DFU mode after pin reset. That means that you must set NRF_BL_DFU_ENTER_METHOD_PINRESET to 1 in the bootloader's sdk_config.h file.

    > Apart from these three, am I missing anything that can un-brick the 52840 on the field without the JTAG pins?

    No, this is sensible if you have prevented access to the SWD pins. Note that it will only work as long as the MBR and bootloader are intact. If for some reason that is corrupt, then there is no way to recover without using SWD. The chance of that is very low though, as the bootloader protects itself from writing before starting the application (see nrf_bootloader_flash_protect() in nrf_bootloader_app_start_final.c).
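
Added example (not part of the thread and not Nordic SDK code): a host-side C model of the pin-reset DFU entry check described in the reply above, showing why the RESETPIN flag in POWER.RESETREAS has to be cleared once it has been acted on. Only NRF_BL_DFU_ENTER_METHOD_PINRESET comes from the thread; the `sim_*` helpers, `should_enter_dfu` and `run_scenario` are hypothetical names, and the register is simulated in a plain variable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Set to 1 in the bootloader's sdk_config.h, as the reply describes. */
#define NRF_BL_DFU_ENTER_METHOD_PINRESET 1

/* nRF52840 POWER.RESETREAS cause bits. */
#define RESETREAS_RESETPIN (1u << 0) /* reset pin (the push button) */
#define RESETREAS_DOG      (1u << 1) /* watchdog */

/* Host-side stand-in for the register (hypothetical). RESETREAS is
 * cumulative: hardware ORs in each new cause, and firmware clears a
 * bit by writing 1 to it. */
static uint32_t sim_resetreas;

static void sim_reset(uint32_t cause) { sim_resetreas |= cause; }
static void sim_write_1_to_clear(uint32_t bits) { sim_resetreas &= ~bits; }

/* Hypothetical model of the entry decision, not the SDK's function. */
static bool should_enter_dfu(bool clear_flag)
{
    if (NRF_BL_DFU_ENTER_METHOD_PINRESET &&
        (sim_resetreas & RESETREAS_RESETPIN)) {
        if (clear_flag)
            sim_write_1_to_clear(RESETREAS_RESETPIN);
        return true;
    }
    return false;
}

/* Button press, then a later watchdog reset with power kept on.
 * Returns bit 0 = DFU after the button, bit 1 = DFU after the watchdog. */
static int run_scenario(bool clear_flag)
{
    int result = 0;
    sim_resetreas = 0; /* start with no reset cause recorded */
    sim_reset(RESETREAS_RESETPIN);
    if (should_enter_dfu(clear_flag)) result |= 1;
    sim_reset(RESETREAS_DOG);
    if (should_enter_dfu(clear_flag)) result |= 2;
    return result;
}

int main(void)
{
    printf("cleared: %d, left set: %d\n", run_scenario(true), run_scenario(false));
    return 0;
}
```

With the flag left set, the later watchdog reset is also treated as a button press, so the device lands in DFU mode again instead of starting the application.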

  • Thanks for the reply, Einar.

    > I assume you mean pin reset? If so: yes, as long as you have configured your bootloader to enter DFU mode after pin reset. That means that you must set NRF_BL_DFU_ENTER_METHOD_PINRESET to 1 in the bootloader's sdk_config.h file.

    Yes. That'd be a push button connected to the RESET pin of the 840.

    > Note that it will only work as long as the MBR and bootloader are intact.

    Is MBR part of the protected flash region of the secure bootloader?

    > Note that it will only work as long as the MBR and bootloader are intact.

    Can you please elaborate on: Under what conditions, do you think, BL and MBR can be corrupted?

  • Hi,

    tejaChintalapati said:
    > Is MBR part of the protected flash region of the secure bootloader?

    It is not part of the same region, but the MBR will also be protected (it protects itself before starting the bootloader).

    tejaChintalapati said:
    > Can you please elaborate on: Under what conditions, do you think, BL and MBR can be corrupted?

    For completeness I wanted to add that there is no way to recover without SWD if the MBR or bootloader has been corrupted and no longer functions. However, it should normally never be corrupted, and by using ACL (as is done by default) the application will not be able to corrupt the bootloader or MBR. You could of course think of other reasons that could make this occur in a very few devices (act of God, aging or similar).
