https://devzone.nordicsemi.com/f/nordic-q-a/76403/secure-boot-on-the-nrf52840Hi Team From what I learned, the BPROT or ACL can protect the bootloader can not be modified by the application. But is there any way to protect the chip from erased with &quot;nrfjprog -f nrf52 --eraseall&quot;? Because if the bootloader can be erased, theen-USTelligent Community 13Thu, 24 Jun 2021 15:05:50 GMThttps://devzone.nordicsemi.com/thread/317058?ContentTypeID=1Thu, 24 Jun 2021 15:05:50 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8286fada-8b94-485c-9739-452a29393664Sigurd[quote user="Wendel"]Is there any&nbsp;solutions to disable the SWD pins?&nbsp;[/quote] <p>&nbsp;No. It&#39;s not possible to disable it in such a way that it prevents a debugger the possibility to trigger a erase-all operation.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/316842?ContentTypeID=1Thu, 24 Jun 2021 05:07:34 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c8143d93-31a0-4578-a10d-dfcb8abdf0d0Wendel<p>Hi Sigurd</p> [quote userid="15146" url="~/f/nordic-q-a/76403/secure-boot-on-the-nrf52840/315907#315907"]No. If someone have access to the SWD pins, they can use a debugger to erase the chip.[/quote] <p>Is there any&nbsp;solutions to disable the SWD pins?&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/315986?ContentTypeID=1Fri, 18 Jun 2021 01:26:50 GMT137ad170-7792-4731-bb38-c0d22fbe4515:519f40be-2a9f-4968-b1d5-9795d70d99cbWendel<p>Thanks for your reply.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/315907?ContentTypeID=1Thu, 17 Jun 2021 13:52:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d1cd0f5a-583b-4d64-85a3-23b2d4b491dcSigurd<p>Hi,</p> [quote user=""]But is there any way to protect the chip from erased with &quot;nrfjprog -f nrf52 --eraseall&quot;?[/quote] <p>No. If someone have access to the SWD pins, they can use a debugger to erase the chip.</p> [quote user="Wendel"]does that means the signature check happened after DFU?[/quote] <p><span>The NRF_BL_APP_SIGNATURE_CHECK_REQUIRED</span><span>&nbsp;setting is to require signature&nbsp;</span><span><a title="Boot validation" href="https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.0.2/lib_secure_boot.html#secure_boot_validation">Boot validation</a>. Signature is checked&nbsp;<span>on each boot.</span></span></p> <p><span>You might find these cases interesting:</span></p> <p><span><a href="https://devzone.nordicsemi.com/f/nordic-q-a/70726/how-to-validate-signature-check-requirements">https://devzone.nordicsemi.com/f/nordic-q-a/70726/how-to-validate-signature-check-requirements</a></span></p> <p><a href="https://devzone.nordicsemi.com/f/nordic-q-a/74838/dfu-error-invalid_parameter-after-uploading-of-all-packets-via-dfu/">https://devzone.nordicsemi.com/f/nordic-q-a/74838/dfu-error-invalid_parameter-after-uploading-of-all-packets-via-dfu/</a></p> [quote user="Wendel"]Can I combine the init packet with bootloader+softdevice+application+bootloader setting, and program it into the chip directly?[/quote] <p><span></span></p> <p><span></span>You are not flashing the init packet, but you can merge&nbsp;<span>bootloader+softdevice+application+bootloader setting into a hex-file, and program it directly, yes.</span></p> <p><span></span></p> <p><span></span></p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/315537?ContentTypeID=1Wed, 16 Jun 2021 08:48:42 GMT137ad170-7792-4731-bb38-c0d22fbe4515:15ccf910-8634-4677-b8db-9ff64810b451Wendel<p>Besides, the comment of NRF_BL_APP_SIGNATURE_CHECK_REQUIRED in sdk_config.h is &quot;Perform signature check on the app. Requires the signature to be sent in the init packet.&quot;, does that means the signature check happened after DFU?</p> <p>Can I combine the init packet with bootloader+softdevice+application+bootloader setting, and program it into the chip directly?</p><div style="clear:both;"></div>