Hi there,
I am trying to enable the Read Back Protection in the software itself to avoid the FLASH, RAM etc. from being read with a debugger after being flashed for production. I succeeded to do so with the code below running on Zephyr OS, which works fine for our device nRF52840 of the hardware version "AAD0". My question is: would the same code work also for build codes Fxx and later? If not, what should I do to achieve the readback protection capability on the newer devices (Fxx and later)?
Another question, because I am not able to test this, as I don't have a device with build code Fxx: does the enabled Access Port Protection in any way limit the software from internally reading/writing Flash/Ram (not using the debugger)?
void nrf_nvmc_write_word(uint32_t address, uint32_t value)
{
// Enable flash write access and wait until the NVMC is ready
NRF_NVMC->CONFIG = (NVMC_CONFIG_WEN_Wen << NVMC_CONFIG_WEN_Pos);
while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}
// Write to the register and wait until the NVMC is ready
*(uint32_t*)address = value;
while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}
// Disable flash write access and wait until the NVMC is ready
NRF_NVMC->CONFIG = (NVMC_CONFIG_WEN_Ren << NVMC_CONFIG_WEN_Pos);
while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}
}
void nrf_debug_port_disable(void)
{
k_sleep(K_MSEC(1000));
if (NRF_UICR->APPROTECT == 0xFFFFFFFF)
{
LOG_WRN("Access Port Protection is not enabled --> Enable Access Port Protection now");
/* Enable Access Port Protection
* Access through debugger to CPU registers, mapped-memory and RAM will be disabled
* To disable protection ERASEALL command must be applied. */
nrf_nvmc_write_word((uint32_t)&NRF_UICR->APPROTECT, 0xFFFFFF00);
LOG_INF("Access Port Protection is now enabled --> Reboot to apply the config...");
// Sleep is only necessary to show the logs before reboot for debug purposes
k_sleep(K_MSEC(2000));
//NVIC_SystemReset();
sys_reboot(SYS_REBOOT_COLD);
}
else
{
LOG_INF("Access Port Protection is already enabled");
}
}
Thanks!
