Hi
In the final SLM version , please provide an option to disable and enable JTAG in software (thru AT command or by some means)
As part of security, this is needed
Regards
Sharath
Hi
In the final SLM version , please provide an option to disable and enable JTAG in software (thru AT command or by some means)
As part of security, this is needed
Regards
Sharath
Hi Sharath,
As referred in the documentation you can either use the standard SWD interface yourself or use our "nrfjprog" command line tool.
1. Option (in my opinion this is the easiest)
Open your command prompt -->
First command reads the UICR.APPROTECT register:
"APPROTECT blocks debugger read/write access to all CPU registers and memory mapped addresses."
nrfjprog --memrd 0x00FF8000
If this register has a value other than 0xFFFFFFFF, it is protected.
Here you can see my device is not protected:
So from the "device protection section" from my last post:
"write any value other than 0xFFFFFFFF to it, The protection activates after a reset"
So I write to this to the UICR.APPROTECT register with the command:
nrfjprog --memwr 0x00FF8000 --val 0x00000000
Then read out the register to make sure it is written using the previous command.
If I reset the device now it it will register the change and you will not be able to reach the device with the debugger.
As you see here I cannot read out any registers etc.
Only way to recover from only APPROTECT enabled is an full erase of the FLASH.
e.g.
nrfjprog --recover
----------------------------------------------------------------------
Another way to enable APPROTECT is to use the dedicated nrfjprog command:
nrfjprog --rbp ALL
Which basically does the same thing "under the hood" as shown with writing to the registers, but you do not need to reset the device for the readback protection to take in effect.
So if you want to make sure no-one can erase the flash as well you enable the ERASEPROTECT register as well.
However that should be avoided when only testing since it is very hard to recover from.
APPROTECT and ERASEPROTECT are enabled
It is recommended only under the final production phase when you know everything is set correctly and the device is ready.
2. Option (using the SWD protocol)
in this example we use the Jlink on board to access the CTRL-AP
Open up "J-Link commander"
Use command "?" to see full list of optional commands.
SWDSelect // Activate SWD SWDWriteDP 1 0x50000000 // Enable debug power SWDWriteDP 2 0x04000000 // Selects the 0x04XXXXXX Access Port and 0xXXXX00XX Register bank in the access port SWDReadAP 3 // CTRL-AP Bank 0, register offset 3 (APPROTECTSTATUS 0x00C): Access port protection status SWDReadAP 3 // //Second read returns the value: 0: enabled 1: not enabled
So here you can see I get:
0x00000003
and that is
0000 0000 0000 0000 0000 0000 0000 0011
in binary, so we can see from the APPROTECT.STATUS that both APPROTECT and SECUREPROTECT is disabled:
(ONGOING, I WILL UPDATE the rest of the information SOON)
Best regards,
Martin L.
