unlocking NRF52480

Hello,

The OpenOCD is not really a tool that we support, and I am not in any way familiar with it. But looking at the log, it may look like APPROTECT is enabled. In that case, you need to recover the nRF52 (which will also delete the flash again).

So I guess that if you want to use this programmer tool, you need to program your application directly, or create your own bootloader which doesn't enable the approtect. 

For the dongle, and programming it using programmers in general (although not specifying the OpenOCD), I can recommend this blog post:

https://devzone.nordicsemi.com/guides/short-range-guides/b/getting-started/posts/nrf52840-dongle-programming-tutorial

Please see the section: "Using an external debugger" in particular.

Best regards,

Edvin

Hello,

The OpenOCD is not really a tool that we support, and I am not in any way familiar with it. But looking at the log, it may look like APPROTECT is enabled. In that case, you need to recover the nRF52 (which will also delete the flash again).

So I guess that if you want to use this programmer tool, you need to program your application directly, or create your own bootloader which doesn't enable the approtect. 

For the dongle, and programming it using programmers in general (although not specifying the OpenOCD), I can recommend this blog post:

https://devzone.nordicsemi.com/guides/short-range-guides/b/getting-started/posts/nrf52840-dongle-programming-tutorial

Please see the section: "Using an external debugger" in particular.

Best regards,

Edvin

Thank you for your reply, could you please tell me whether APPROTECT is enabled by default?

The thing is, I can recover the nrf52, it unlock the device and erases all. But once I flash the official bootloader again, it became locked again and you see the enclosed printout of OpenOCD, it is after flashing the firmware. The dongle works, I can flash applications, but it is locked. Even without any application, only with bootloader flashed (the dongle is blinking with red LED diode), it already is locked, at least according to OpenOCD.

My goal is to, unlock the device, reflash the bootloader and than unlock it again without erasing it and reflashing the bootloader, since I think reflashing of bootloader makes it locked again.

When I received the dongle, it looked like it was unlocked from factory, so I want to revert it to the same state as it was when I purchased it.

Dumping and flashing the image from one dongle to another another did not help, is the dumped image somehow checking the serial number of the board or version? Why I cannot dump image from one dongle and flash it to another dongle? I have to point out that even though both boards are nrf52480 one is version 2.1 and the other 1.2, maybe that is the reason I cannot just swap factory installed images between these two dongles.

Is there any ftp or repository where can I download firmwares?

Anyway, I think I found the solution according to all these hints:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

https://devzone.nordicsemi.com/f/nordic-q-a/66907/how-to-change-a-uicr-register-value-when-approtect-is-enabled-on-the-nrf52

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

It seems like AP protect must be disabled. But seems like running nrf52_recover in OpenOCD unlocks the device temporarily and as long as you keep the dongle powered or you ONLY reset the dongle it stays unlocked.Seems like reset does not effect the locking mechanism, but if you unplug the dongle from power and plug in back, it automatically locks the dongle again. nrf52_recover really unlocks the device, but it probably does not write HwDisabled (0x5A) to UICR.APPROTECT, for the dongle to stay unlocked even after power down. Moreover if you flash original pca10059 firmware, it sets UICR.APPROTECT (0x10001208) to 0x00 at startup, because the dongle is locked in both cases with or without flashing the image:

1) after nrf52_recover (becoming unlocked) and power down/up (becoming locked  again)

2) after nrf52_recover (becoming unlocked) and then init, halt, nrf5 mass_erase, program write_image nordic_firmware.hex verify, power down/up (becoming locked again)

From this I assume the factory firmware locks the dongle for the SWD debug to be accessible (which does not correspond to the fact that after I purchased the dongle and first flashed zephyr blinky example and tried to debug it via Raspberry SWD OpenOCD and Eclipse remote debugger, I could debug it without any problems that means it was unlocked. Is it possible that my dongle had factory firmware which did not enable locking at startup?

Anyway, the solution/workaround to disable locking after power down was to place code snippet mentioned at the end of this conversation:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

Anyway, my question is, is it possible to somehow modify the UICR.APPROTECT register or to get firmware where UICR.APPROTECT is set to 00 or do you have any other way how to start up the dongle unlocked without having the unlocking code snipped attached to my blinky code?I am complete newbie in micro controllers as well as Nordic devices.

Thank you

There was a HW update for the nRF52 series where the APPROTECT is enabled instead of disabled by default, and this needs to be disabled from UICR and from the SW. I am not sure whether there exists any precompiled bootloader that takes this into account.

That being said. Do you really need to disable the APPROTECT? The point of the bootloader is that you can program it over USB, and skip the bootloader, right? If you have a debugger (your OpenOCD), then why do you need the bootloader in the first place?

BR,
Edvin

Dear sir, I am a complete newbie in microcontrollers.I just needed to unlock it to have debugging capability of the dongle via SWD.

Before the accident,I could debug the code easily,now I have to add these unlocking lines of code beforecmy code runs.I am fine with that anyway.I was just curious whether ir is possible to unlock the device without those lines of code.I had an idea to dump factory firmware from my another dongle which is unlocked from factory a flash the locked dongle,but I am wondering why this procedure does not work as the devices are identical,but hardware versions are different.

It sounds like there was a different bootloader.hex file flashed on the dongle before you erased it. One that turned off the APPROTECT. I guess the bootloader file from the first link doesn't have this patch. 

However, the dongle is not really a development board, as it doesn't have a debugger. This is why it has a bootloader in the first place. The bootloader is a way to update the FW on the dongle without a debugger. 

If you have a programmer that you can use on the dongle, I suggest you just erase the bootloader, and debug without the bootloader being present. Then, when you are happy with your application, you can flash the bootloader back in together with the application (and softdevice/MBR) if you want to keep the possibility to update FW without a debugger/programmer. 

Another option would be to build your own bootloader. The bootloader on the dongle is heavily based on the nRF5 SDK\examples\dfu\open_bootloader\pca10059_usb\ and then you can apply the fix from here:

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

("fix", as in disabling the approtect in your bootloader code, e.g. in main.c).

Debugging is usually easier when a bootloader is not present either way, so I suggest you just add it when you are done developing.

Best regards,

Edvin