This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nRF53 access port protection

I would like to enable access protection on my device, ie no debugger or flash access. Going through the docs, it looks like I’d have to do a few registers to get access protection fully enabled. I would like to confirm the following steps are necessary:

  • set UICR.APPROTECT to 0
  • set UICR.SECUREAPPROTECT to 0
  • set CTRL_AP.APPROTECT.LOCK to locked state
  • set CTRL_AP.SECUREAPPROTECT.LOCK to locked state

There is also ERASEPROTECT register. I would like to know if enabling erase protection means that a development device may never be able to be re-programmed? For example, will my nRF5DK stop accepting programming requests once this is set? Looks like it is possible to get it in this state by using it with APPROTECT according to this post: https://devzone.nordicsemi.com/f/nordic-q-a/69075/nrf5340-hardware-security-features-fuses-and-bus-protections/283484#283484

that points to this link (nRF9160):

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fnan_041%2FAPP%2Fnan_production_programming%2Fcheck_approtect_enabled.html

But I couldn’t find information in this app note that explicitly mentions that this is possible

The app note above has the following information. I am curious to know how we can use JLink to perform this operation(ie write a known value to the register before being able to connect to the device):

To unlock the device, it must have compatible firmware that provides a 32-bit non-zero KEY value to ERASEPROTECT.DISABLE. When both the debugger and firmware provide the same 32-bit non-zero KEY value to ERASEPROTECT.DISABLE, the device does a Control Access Port (CTRL-AP) erase all operation. The access port is re-enabled on the next reset once the erase sequence is done.

Related