unlocking NRF52480

Dear all,

I have pca10059 nrf52480 dongle which I accidentally erased and I could not upload any elf file to run moreover it was not blinking red anymore, no presence in system.

I managed to restore the bootloader with this procedure:

https://devzone.nordicsemi.com/f/nordic-q-a/87495/nrf52480-dongle-bricked-after-recover-in-openocd/365842

Thenafter, the dongle started to flash red again and I could flash the dongle with my custom blinky example and the diode was blinking again.

The problem I am facing now is, I want to have a look at the running process via OpenOCD, but anytime I start openocd with this command:

openocd -f rpi_as_debugger.cfg -c "transport select swd" -c "adapter speed 100" -f target/nrf52.cfg

I get following problem:

(THE DONGLE IS RUNNING JUST FINE, I CAN SEE THE DIODE BLINKING, BUT AFTER FIRMWARE RESTORATION, IT SEEMS THE CHIP IS LOCKED, BUT WHY? AFTER I RECEIVED THE DONGLE FROM MOUSER, I COULD EASILY DEBUG THE SAME EXAMPLE AND OPENOCD WAS NOT PRINTING ANY PROBLEM, ANYWAY I AM USING SWD OVER RASPBERRY)

Is the chip detecting any internal error at startup being the reason it gets locked?

Open On-Chip Debugger 0.11.0+dev-00651-g9de084e00 (2022-04-24-10:22)
Licensed under GNU GPL v2
For bug reports, read
openocd.org/.../bugs.html
BCM2835 GPIO nums: swclk = 24, swdio = 25

swd
adapter speed: 100 kHz

Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : BCM2835 GPIO JTAG/SWD bitbang driver
Info : clock speed 1001 kHz
Info : SWD DPIDR 0x2ba01477
Error: [nrf52.cpu] Could not find MEM-AP to control the core
****** WARNING ******
nRF52 device has AP lock engaged (see UICR APPROTECT register).
Debug access is denied.
Use 'nrf52_recover' to erase and unlock the device.

Warn : target nrf52.cpu examination failed
Info : starting gdb server for nrf52.cpu on 3333
Info : Listening on port 3333 for gdb connections

During firmware restoration, I was also facing this, which I haven't a clue what it might be:

Warn : [nrf52.cpu] target was in unknown state when halt was requested
Info : SWD DPIDR 0x2ba01477
Error: Wrong parity detected

Thank you

  • Is it related to this?

    devzone.nordicsemi.com/.../working-with-the-nrf52-series-improved-approtect

    Regarding this info from OpenOCD printout:

    SWD DPIDR 0x2ba01477

    Is it related to the fact I read somewhere that the chip is running in low power mode and I have to set up some appropriate registers?

    I assumed that when flashing Nordic official bootloader via openOCD I return the entire firmware of nrf52480 dongle to factory settings.

    Do I have to update something more than a bootloader?Is it necessary to update some more firmware and is it possible that when erasing everything and flashing the Nordic bootloader the up-to-date bootloader hex file has a routine which automatically locks the dongle cpu preventing it from being debugged?

    If I make a backup of another dongle with older firmware and reflash my broken dongle with this older backup?Would it prevent if from locking?I assume that all the default settings for the hardware to run are stored somewhere in chip memory therefore erasing and reflashing must definitely resolve the issue or does it mean that by reflashing bootloader some chunk of the internal memory is untouched and the settings for the hardware to run are untouched when flashing new bootloader?

    If so,is there any firmware to flash apart from the bootloader hex file?I only found the bootloader hex file,anything else.

  • Hello,

    The OpenOCD is not really a tool that we support, and I am not in any way familiar with it. But looking at the log, it may look like APPROTECT is enabled. In that case, you need to recover the nRF52 (which will also delete the flash again).

    So I guess that if you want to use this programmer tool, you need to program your application directly, or create your own bootloader which doesn't enable the approtect. 

    For the dongle, and programming it using programmers in general (although not specifying the OpenOCD), I can recommend this blog post:

    https://devzone.nordicsemi.com/guides/short-range-guides/b/getting-started/posts/nrf52840-dongle-programming-tutorial

    Please see the section: "Using an external debugger" in particular.

    Best regards,

    Edvin

  • Thank you for your reply, could you please tell me whether APPROTECT is enabled by default?

    The thing is, I can recover the nrf52, it unlock the device and erases all. But once I flash the official bootloader again, it became locked again and you see the enclosed printout of OpenOCD, it is after flashing the firmware. The dongle works, I can flash applications, but it is locked. Even without any application, only with bootloader flashed (the dongle is blinking with red LED diode), it already is locked, at least according to OpenOCD.

    My goal is to, unlock the device, reflash the bootloader and than unlock it again without erasing it and reflashing the bootloader, since I think reflashing of bootloader makes it locked again.

    When I received the dongle, it looked like it was unlocked from factory, so I want to revert it to the same state as it was when I purchased it.

  • Dumping and flashing the image from one dongle to another another did not help, is the dumped image somehow checking the serial number of the board or version? Why I cannot dump image from one dongle and flash it to another dongle? I have to point out that even though both boards are nrf52480 one is version 2.1 and the other 1.2, maybe that is the reason I cannot just swap factory installed images between these two dongles.

    Is there any ftp or repository where can I download firmwares?

    Anyway, I think I found the solution according to all these hints:

    https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

    https://devzone.nordicsemi.com/f/nordic-q-a/66907/how-to-change-a-uicr-register-value-when-approtect-is-enabled-on-the-nrf52

    https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

    It seems like AP protect must be disabled. But seems like running nrf52_recover in OpenOCD unlocks the device temporarily and as long as you keep the dongle powered or you ONLY reset the dongle it stays unlocked.Seems like reset does not effect the locking mechanism, but if you unplug the dongle from power and plug in back, it automatically locks the dongle again. nrf52_recover really unlocks the device, but it probably does not write HwDisabled (0x5A) to UICR.APPROTECT, for the dongle to stay unlocked even after power down. Moreover if you flash original pca10059 firmware, it sets UICR.APPROTECT (0x10001208) to 0x00 at startup, because the dongle is locked in both cases with or without flashing the image:

    1) after nrf52_recover (becoming unlocked) and power down/up (becoming locked  again)

    2) after nrf52_recover (becoming unlocked) and then init, halt, nrf5 mass_erase, program write_image nordic_firmware.hex verify, power down/up (becoming locked again)

    From this I assume the factory firmware locks the dongle for the SWD debug to be accessible (which does not correspond to the fact that after I purchased the dongle and first flashed zephyr blinky example and tried to debug it via Raspberry SWD OpenOCD and Eclipse remote debugger, I could debug it without any problems that means it was unlocked. Is it possible that my dongle had factory firmware which did not enable locking at startup?

    Anyway, the solution/workaround to disable locking after power down was to place code snippet mentioned at the end of this conversation:

    https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

    Anyway, my question is, is it possible to somehow modify the UICR.APPROTECT register or to get firmware where UICR.APPROTECT is set to 00 or do you have any other way how to start up the dongle unlocked without having the unlocking code snipped attached to my blinky code?I am complete newbie in micro controllers as well as Nordic devices.

    Thank you

Related