unlocking NRF52480

Hello,

The OpenOCD is not really a tool that we support, and I am not in any way familiar with it. But looking at the log, it may look like APPROTECT is enabled. In that case, you need to recover the nRF52 (which will also delete the flash again).

So I guess that if you want to use this programmer tool, you need to program your application directly, or create your own bootloader which doesn't enable the approtect. 

For the dongle, and programming it using programmers in general (although not specifying the OpenOCD), I can recommend this blog post:

https://devzone.nordicsemi.com/guides/short-range-guides/b/getting-started/posts/nrf52840-dongle-programming-tutorial

Please see the section: "Using an external debugger" in particular.

Best regards,

Edvin

Dumping and flashing the image from one dongle to another another did not help, is the dumped image somehow checking the serial number of the board or version? Why I cannot dump image from one dongle and flash it to another dongle? I have to point out that even though both boards are nrf52480 one is version 2.1 and the other 1.2, maybe that is the reason I cannot just swap factory installed images between these two dongles.

Is there any ftp or repository where can I download firmwares?

Anyway, I think I found the solution according to all these hints:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

https://devzone.nordicsemi.com/f/nordic-q-a/66907/how-to-change-a-uicr-register-value-when-approtect-is-enabled-on-the-nrf52

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

It seems like AP protect must be disabled. But seems like running nrf52_recover in OpenOCD unlocks the device temporarily and as long as you keep the dongle powered or you ONLY reset the dongle it stays unlocked.Seems like reset does not effect the locking mechanism, but if you unplug the dongle from power and plug in back, it automatically locks the dongle again. nrf52_recover really unlocks the device, but it probably does not write HwDisabled (0x5A) to UICR.APPROTECT, for the dongle to stay unlocked even after power down. Moreover if you flash original pca10059 firmware, it sets UICR.APPROTECT (0x10001208) to 0x00 at startup, because the dongle is locked in both cases with or without flashing the image:

1) after nrf52_recover (becoming unlocked) and power down/up (becoming locked  again)

2) after nrf52_recover (becoming unlocked) and then init, halt, nrf5 mass_erase, program write_image nordic_firmware.hex verify, power down/up (becoming locked again)

From this I assume the factory firmware locks the dongle for the SWD debug to be accessible (which does not correspond to the fact that after I purchased the dongle and first flashed zephyr blinky example and tried to debug it via Raspberry SWD OpenOCD and Eclipse remote debugger, I could debug it without any problems that means it was unlocked. Is it possible that my dongle had factory firmware which did not enable locking at startup?

Anyway, the solution/workaround to disable locking after power down was to place code snippet mentioned at the end of this conversation:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

Anyway, my question is, is it possible to somehow modify the UICR.APPROTECT register or to get firmware where UICR.APPROTECT is set to 00 or do you have any other way how to start up the dongle unlocked without having the unlocking code snipped attached to my blinky code?I am complete newbie in micro controllers as well as Nordic devices.

Thank you

Dumping and flashing the image from one dongle to another another did not help, is the dumped image somehow checking the serial number of the board or version? Why I cannot dump image from one dongle and flash it to another dongle? I have to point out that even though both boards are nrf52480 one is version 2.1 and the other 1.2, maybe that is the reason I cannot just swap factory installed images between these two dongles.

Is there any ftp or repository where can I download firmwares?

Anyway, I think I found the solution according to all these hints:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

https://devzone.nordicsemi.com/f/nordic-q-a/66907/how-to-change-a-uicr-register-value-when-approtect-is-enabled-on-the-nrf52

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect

It seems like AP protect must be disabled. But seems like running nrf52_recover in OpenOCD unlocks the device temporarily and as long as you keep the dongle powered or you ONLY reset the dongle it stays unlocked.Seems like reset does not effect the locking mechanism, but if you unplug the dongle from power and plug in back, it automatically locks the dongle again. nrf52_recover really unlocks the device, but it probably does not write HwDisabled (0x5A) to UICR.APPROTECT, for the dongle to stay unlocked even after power down. Moreover if you flash original pca10059 firmware, it sets UICR.APPROTECT (0x10001208) to 0x00 at startup, because the dongle is locked in both cases with or without flashing the image:

1) after nrf52_recover (becoming unlocked) and power down/up (becoming locked  again)

2) after nrf52_recover (becoming unlocked) and then init, halt, nrf5 mass_erase, program write_image nordic_firmware.hex verify, power down/up (becoming locked again)

From this I assume the factory firmware locks the dongle for the SWD debug to be accessible (which does not correspond to the fact that after I purchased the dongle and first flashed zephyr blinky example and tried to debug it via Raspberry SWD OpenOCD and Eclipse remote debugger, I could debug it without any problems that means it was unlocked. Is it possible that my dongle had factory firmware which did not enable locking at startup?

Anyway, the solution/workaround to disable locking after power down was to place code snippet mentioned at the end of this conversation:

https://devzone.nordicsemi.com/f/nordic-q-a/85671/trying-to-disable-approtect-for-debugging

Anyway, my question is, is it possible to somehow modify the UICR.APPROTECT register or to get firmware where UICR.APPROTECT is set to 00 or do you have any other way how to start up the dongle unlocked without having the unlocking code snipped attached to my blinky code?I am complete newbie in micro controllers as well as Nordic devices.

Thank you

There was a HW update for the nRF52 series where the APPROTECT is enabled instead of disabled by default, and this needs to be disabled from UICR and from the SW. I am not sure whether there exists any precompiled bootloader that takes this into account.

That being said. Do you really need to disable the APPROTECT? The point of the bootloader is that you can program it over USB, and skip the bootloader, right? If you have a debugger (your OpenOCD), then why do you need the bootloader in the first place?

BR,
Edvin

Actually,I was not able to program the dongle via OpenOCD,therefore I was able to successfully prpgram the dongle via nrfutil and debug via OpenOCD.But I still do not know how to program it via OpenOCD correctly,I know the commands to flash elf file,but ut simply does not run.,yet.

Oh. I thought you were. I am not at all familiar with OpenOCD, and it is not a tool that we support from Nordic's side. If you have erased the bootloader, you need a debugger/programmer to program it back in. 

If you have a programmer, you can use nRF Command Line Tools and the command "nrfjprog --recover" to disable the APPROTECT. If you do not program the bootloader back in, you can't use the dongle with nRF Connect for Desktop, but you can still program applications directly (if you have a working programmer). If you don't have a programmer, an nRF DK will also work as an external programmer, if you have the correct cables to connect the programming pins on the dongle to the debug out port from the DK. Search for "program external device DK" here on DevZone for more details.

Best regards,

Edvin

Dear sir,

I am enclosing photo of my setup.Actually,I resoldered the SWD wiring and now OpenOCD can find the CPU but after nrf52_recover command,I stll cannot flash the original bootloader.

Te command to start OpenOCD is:

openocd -f rpi_as_debugger.cfg -c "transport select swd" -c "adapter speed 100" -f target/nrf52.cfg

I am also enclosing photo of openocd right after startup,but I still cannot write any new flash image.Grounds are the same,the dongle is connected to usb hub which is powered from Raspberry USB port.With such a configuration,I used to flash new images and debug my code as well,therefore I assume the congfiguration is correct.