UICR fromlisting #3393
Merged
UICR fromlisting #3393
+276
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Oct 13, 2025
SebastianBoe
force-pushed
the
ncs_gen_uicr_wdt
branch
2 times, most recently
from
01d48b0 to
1a7614d
Compare
nordicjm
approved these changes
Oct 14, 2025
jonathannilsen
approved these changes
Oct 16, 2025
SebastianBoe
force-pushed
the
ncs_gen_uicr_wdt
branch
from
1a7614d to
4986d37
Compare
Add support for UICR.SECONDARY.TRIGGER configuration, which enables automatic booting of secondary firmware based on specific reset reasons. This introduces Kconfig options for configuring: - UICR.SECONDARY.TRIGGER.ENABLE - Enable/disable automatic triggers - UICR.SECONDARY.TRIGGER.RESETREAS - Bitmask of reset reasons that trigger secondary firmware boot Individual Kconfig options are provided for each reset reason: - APPLICATIONWDT0/1 - Application core watchdog timeouts - APPLICATIONLOCKUP - Application core CPU lockup - RADIOCOREWDT0/1 - Radio core watchdog timeouts - RADIOCORELOCKUP - Radio core CPU lockup Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 9dc2b61)
…ECTEDMEM Add support for UICR.SECONDARY.PROTECTEDMEM configuration, which enables configuration of the protected memory region for secondary firmware. This introduces Kconfig options for configuring: - GEN_UICR_SECONDARY_PROTECTEDMEM - Enable/disable protected memory for secondary firmware - GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES - Size of the protected memory region in bytes The implementation validates that the configured size is divisible by 4096 bytes (4 KiB) as required by the hardware, and converts it to 4 KiB units when writing to UICR.SECONDARY.PROTECTEDMEM.SIZE4KB. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit c3f6b8c)
Add support for UICR.LOCK configuration, which locks the entire UICR configuration in NVR0 to prevent unauthorized modifications. This introduces a Kconfig option GEN_UICR_LOCK that enables locking of the UICR. Once locked, the UICR can only be modified by performing an ERASEALL operation. This is a critical security feature for production devices, typically enabled alongside UICR.APPROTECT, UICR.PROTECTEDMEM, and UICR.ERASEPROTECT to establish a complete device protection scheme. When enabled, the gen_uicr.py script sets UICR.LOCK to 0xFFFFFFFF, which configures the NVR0 page as read-only and enforces integrity checks on the UICR content. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 1ffdf09c25dfb0082bdaccab5232823b73a15494)
Add support for UICR.ERASEPROTECT configuration, which blocks ERASEALL operations to prevent bulk erasure of protected memory. This introduces a Kconfig option GEN_UICR_ERASEPROTECT that enables blocking of ERASEALL operations on NVR0, preserving UICR settings even if an attacker attempts a full-chip erase. This is a critical security feature for production devices. When enabled together with UICR.LOCK, it becomes impossible to modify the UICR in any way, establishing a permanent device protection scheme. Due to this irreversibility, it should only be enabled during the final stages of production. When enabled, the gen_uicr.py script sets UICR.ERASEPROTECT to 0xFFFFFFFF, which prevents the ERASEALL command from affecting the NVR0 page. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit e20352d80a02cbf1053932bfcd34489ba4a0f369)
Add support for UICR.APPROTECT configuration, which controls debugger and access-port permissions through the TAMPC peripheral. This introduces three Kconfig options that allow independent control over access port protection for different processor domains: - GEN_UICR_APPROTECT_APPLICATION_PROTECTED: Controls debug access to the application domain processor - GEN_UICR_APPROTECT_RADIOCORE_PROTECTED: Controls debug access to the radio core processor - GEN_UICR_APPROTECT_CORESIGHT_PROTECTED: Controls access to the CoreSight debug infrastructure When enabled, each option sets the corresponding UICR.APPROTECT register to PROTECTED (0xFFFFFFFF), which disables debug access for that domain. When disabled, the registers remain at their erased value (UNPROTECTED), allowing full debug access. This feature is critical for production devices where debug access must be restricted to prevent unauthorized access to sensitive code and data. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 1438f8ae69f8869a7a99a241e50cb238b8174d11)
…e transition Add --permit-permanently-transitioning-device-to-deployed safety flag to gen_uicr.py, required when enabling both UICR.LOCK and UICR.ERASEPROTECT together. This prevents accidental permanent locking of devices since this combination makes the configuration irreversible. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 35b89ab)
SebastianBoe
force-pushed
the
ncs_gen_uicr_wdt
branch
from
4986d37 to
eaab7f6
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.