5340 protect programs from theft

Hi,

You can read the hex files using the nRF Connect for Desktop -> Programmer App, or using nrfjprog.

nrfjprog --readcode app_flash_dump.hex --coprocessor CP_NETWORK

In order to prevent readout, you can enable the APPROTECT. It is disabled in most of our samples.

Best Regards,

Priyanka

Hi

thanks for reply

about APPROTECT.  i do't know how to write code.

Best regards

Hi

thanks for reply.

i have a look it,

the follow code is for nRF SDK,  but i'm using NCS2.0

#ifdef ENABLE_APPROTECT
	if ((NRF_UICR->APPROTECT & UICR_APPROTECT_PALL_Msk) !=
		(UICR_APPROTECT_PALL_Enabled << UICR_APPROTECT_PALL_Pos)) {

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Wen;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}

        NRF_UICR->APPROTECT = ((NRF_UICR->APPROTECT & ~((uint32_t)UICR_APPROTECT_PALL_Msk)) |
		    (UICR_APPROTECT_PALL_Enabled << UICR_APPROTECT_PALL_Pos));

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Ren;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}
   	}
#else
	if ((NRF_UICR->APPROTECT & UICR_APPROTECT_PALL_Msk) !=
		(UICR_APPROTECT_PALL_HwDisabled << UICR_APPROTECT_PALL_Pos)) {

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Wen;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}

        NRF_UICR->APPROTECT = ((NRF_UICR->APPROTECT & ~((uint32_t)UICR_APPROTECT_PALL_Msk)) |
		    (UICR_APPROTECT_PALL_HwDisabled << UICR_APPROTECT_PALL_Pos));

        NRF_NVMC->CONFIG = NVMC_CONFIG_WEN_Ren;
        while (NRF_NVMC->READY == NVMC_READY_READY_Busy){}
	}
#endif

Best regards

Sorry, I had shared the wrong link. Fat fingers!

Here's the link:  Allowing debugger access to nRF5340  

Hi

in CmakeLists.txt  add:

zephyr_compile_definitions_ifdef(CONFIG_NRF_APPROTECT_LOCK
ENABLE_APPROTECT)
zephyr_compile_definitions_ifdef(CONFIG_NRF_APPROTECT_USER_HANDLING
ENABLE_APPROTECT_USER_HANDLING)
zephyr_compile_definitions_ifdef(CONFIG_NRF_SECURE_APPROTECT_LOCK
ENABLE_SECURE_APPROTECT)
zephyr_compile_definitions_ifdef(CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING
ENABLE_SECURE_APPROTECT_USER_HANDLING)
zephyr_library_compile_definitions_ifdef(CONFIG_NRF_TRACE_PORT
ENABLE_TRACE)

int prj.conf add:

in main top call  nrf_debug_port_disable()

void nrf_nvmc_write_word(uint32_t address, uint32_t value)
{
	// Enable flash write access and wait until the NVMC is ready
    NRF_NVMC->CONFIG = (NVMC_CONFIG_WEN_Wen << NVMC_CONFIG_WEN_Pos);
    while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}

    // Write to the register and wait until the NVMC is ready
    *(uint32_t*)address = value;
    while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}

	// Disable flash write access and wait until the NVMC is ready
    NRF_NVMC->CONFIG = (NVMC_CONFIG_WEN_Ren << NVMC_CONFIG_WEN_Pos);
    while (NRF_NVMC->READY == NVMC_READY_READY_Busy) {;}
}
void nrf_debug_port_disable(void)
{
	if(NRF_UICR->APPROTECT&0x000000ff)
    {
		printk("\nAccess Port Protection is not enabled --> Enable Access Port Protection now\n");
		/* Enable Access Port Protection
		 * Access through debugger to CPU registers, mapped-memory and RAM will be disabled
		 * To disable protection ERASEALL command must be applied. */
		nrf_nvmc_write_word((uint32_t)&NRF_UICR->APPROTECT, NRF_UICR->APPROTECT&0xffffff00);
		printk("Access Port Protection is now enabled --> Reboot to apply the config...\n");

		// Sleep is only necessary to show the logs before reboot for debug purposes
		k_msleep(2000);

		//NVIC_SystemReset();
		sys_reboot(SYS_REBOOT_COLD);
    }
	else
	{
		printk("\nAccess Port Protection is already enabled\n");
	}
}

Could you please confirm my understanding?

Best regards

Hi,

We recently added this information to the documentation, and it might be helpful:

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/app_dev/ap_protect/index.html 

-Priyanka

Hi

ok, now

nrf5340dk_nrf5340_cpuapp

i only add tow line to prj.conf

Hi

ok, now

nrf5340dk_nrf5340_cpuapp

i only add tow line to prj.conf

Hi,

Have you tried it and does this solve your issue?

-Priyanka

Hi

test it on nRF5340-DK

when no call  nrf_debug_port_disable()

when call   nrf_debug_port_disable()  (even no

)

Best regards