Hello,
For nRF53 the ENABLE_APPROTECT_USER_HANDLING macro can be defined to let the application handle access port protection:
/* Function that handles firmware-driven enabling or disabling of APPROTECT on devices where it is supported.
If ENABLE_APPROTECT is defined, the FW will lock the fw branch of the APPROTECT mechanism,
preventing it from being opened.
If ENABLE_APPROTECT_USER_HANDLING is defined, the FW will not write to the fw branch of the APPROTECT mechanism.
This allows later stages of the fw to handle APPROTECT,
for example to implement authenticated debug.
Otherwise, the fw branch state is loaded from UICR.
The same mechanism is implemented for SECURE APPROTECT, with the macros
ENABLE_SECURE_APPROTECT and ENABLE_SECURE_APPROTECT_USER_HANDLING. */
static inline void nrf53_handle_approtect(void)
{
#if defined(NRF_APPLICATION)
#if defined (ENABLE_APPROTECT)
/* Prevent processor from unlocking APPROTECT soft branch after this point. */
NRF_CTRLAP_S->APPROTECT.LOCK = CTRLAPPERI_APPROTECT_LOCK_LOCK_Locked;
#elif defined (ENABLE_APPROTECT_USER_HANDLING)
/* Do nothing, allow user code to handle APPROTECT. Use this if you want to enable authenticated debug. */
#else
/* Load APPROTECT soft branch from UICR.
If UICR->APPROTECT is disabled, CTRLAP->APPROTECT will be disabled. */
NRF_CTRLAP_S->APPROTECT.DISABLE = NRF_UICR_S->APPROTECT;
#endif
// ...
}However this is not the case for nRF52:
/* Function that handles firmware-driven enabling or disabling of APPROTECT on devices where it is supported.
If ENABLE_APPROTECT is defined, the FW will lock the fw branch of the APPROTECT mechanism,
preventing it from being opened.
Otherwise, the fw branch state is loaded from UICR, emulating the legacy APPROTECT behavior.
The same mechanism is implemented for SECURE APPROTECT, with the macros
ENABLE_SECURE_APPROTECT and ENABLE_SECURE_APPROTECT_USER_HANDLING. */
static inline void nrf52_handle_approtect(void)
{
#if NRF52_CONFIGURATION_249_PRESENT
#if defined (ENABLE_APPROTECT)
if (nrf52_configuration_249())
{
/* Prevent processor from unlocking APPROTECT soft branch after this point. */
NRF_APPROTECT->FORCEPROTECT = APPROTECT_FORCEPROTECT_FORCEPROTECT_Force;
}
#else
if (nrf52_configuration_249())
{
/* Load APPROTECT soft branch from UICR.
If UICR->APPROTECT is disabled, POWER->APPROTECT will be disabled. */
NRF_APPROTECT->DISABLE = NRF_UICR->APPROTECT;
}
#endif
#endif
}This means that if NRF_UICR->APPROTECT is set to UICR_APPROTECT_PALL_HwDisabled then the access port protection will be disabled by default. I suppose the firmware can later re-enable it but there will be a short window of time where is will still be disabled...
I suggest to have the same macro for the nRF52:
/* Function that handles firmware-driven enabling or disabling of APPROTECT on devices where it is supported.
If ENABLE_APPROTECT is defined, the FW will lock the fw branch of the APPROTECT mechanism,
preventing it from being opened.
If ENABLE_APPROTECT_USER_HANDLING is defined, the FW will not write to the fw branch of the APPROTECT mechanism.
This allows later stages of the fw to handle APPROTECT,
for example to implement authenticated debug.
Otherwise, the fw branch state is loaded from UICR. */
static inline void nrf52_handle_approtect(void)
{
#if NRF52_ERRATA_249_PRESENT
#if defined (ENABLE_APPROTECT)
if (nrf52_errata_249())
{
/* Prevent processor from unlocking APPROTECT soft branch after this point. */
NRF_APPROTECT->FORCEPROTECT = APPROTECT_FORCEPROTECT_FORCEPROTECT_Force;
}
#elif defined (ENABLE_APPROTECT_USER_HANDLING)
/* Do nothing, allow user code to handle APPROTECT. Use this if you want to enable authenticated debug. */
#else
if (nrf52_errata_249())
{
/* Load APPROTECT soft branch from UICR.
If UICR->APPROTECT is disabled, POWER->APPROTECT will be disabled. */
NRF_APPROTECT->DISABLE = NRF_UICR->APPROTECT;
}
#endif
#endif
}
Hello,
For nRF53 the
ENABLE_APPROTECT_USER_HANDLINGmacro can be defined to let the application handle access port protection:However this is not the case for nRF52:
This means that if
NRF_UICR->APPROTECTis set toUICR_APPROTECT_PALL_HwDisabledthen the access port protection will be disabled by default. I suppose the firmware can later re-enable it but there will be a short window of time where is will still be disabled...I suggest to have the same macro for the nRF52: