Hello,
I turned on the flash protect function through the CONFIG_FPROTECT switch, and the system kept running until spm_config_flash restarted.
Flash protect code in mcuboot
#define PROTECT_SIZE 0x8000
#define PROTECT_ADDR 0
#endif
rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE);
if (rc != 0) {
BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup.");
while (1)
;
}
Configure No-secure Flash code in SPM :
static void spm_config_flash(void)
{
/* Regions of flash up to and including SPM are configured as Secure.
* The rest of flash is configured as Non-Secure.
*/
const uint32_t secure_flash_perm = FLASH_READ | FLASH_WRITE | FLASH_EXEC
| FLASH_LOCK | FLASH_SECURE;
const uint32_t nonsecure_flash_perm = FLASH_READ | FLASH_WRITE | FLASH_EXEC
| FLASH_LOCK | FLASH_NONSEC;
PRINT("Flash regions\t\tDomain\t\tPermissions\n");
config_regions(false, 0, NON_SECURE_FLASH_REGION_INDEX,
secure_flash_perm);
config_regions(false, NON_SECURE_FLASH_REGION_INDEX,
NUM_FLASH_SECURE_ATTRIBUTION_REGIONS,
nonsecure_flash_perm);
PRINT("\n");
It seems a bit contradictory here, we protect the 0~0x8000 address in Flash, but set the 0~0x100 address in SPM as a non-secure area.
How to enable mcuboot's FPROTECT feature in nrf9160 No-Secure app? Can you provide some examples?
