• State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 25 subscribers
  • Views 250 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 288580
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I confirm the new APPROTECT behavior of the new nRF52832?

user13715

I'm testing with the new rev of the nRF52832 (build code QFAAGB on the package), and I'm not able to observe behavior that makes sense to me per the updated product spec.

My basic test has been to do an application-only load of my project that uses the SoftDevice. If it boots (as observed via UART output), then the SoftDevice was not erased, and Access Port Protection was not enabled. If it does not boot, the SoftDevice was erased, so Access Port Protection was enabled. I'm doing the loading via Keil uVision.

What I'm seeing is that my old code behaves identically. All this did was that if we were in Production build configuration, we write UICR_APPROTECT_PALL_Enabled to NRF_UICR->APPROTECT, and in Debug configuration, we do nothing to UICR. This code appears to function identically on the new hardware: If I load a Debug application, another application load works fine, but if I load a Production application, the chip is erased when I load another application. On the new hardware, I would have expected the boot to fail in both configurations.

The "old code" uses MDK 8.15 and does not touch the new DISABLE and FORCEPROTECT registers.

Is there another way that I can verify that there is some new behavior related to APPROTECT? Hopefully, there is something easier than trying to reproduce the original attack.

Parents
  • 0

    Hello,

    Not sure if I understand, there is nothing preventing old software to run on the new revision, we do however recommend to update the MDK files to take advantage of the new security features in the new revision, and you will also need to have installed recent nrf command line tools (nrfjprog) that handle the new revision as intended. As long as you do not do a hard reset of the board, then the APPROTECT will likely not take effect. Also see the product change notice: https://infocenter.nordicsemi.com/pdf/in_142_v1.1.pdf 

    Best regards,
    Kenneth

  • 0 in reply to user2111

    The updated product spec says "By default, access port protection is enabled". Because of this, I would expect code that does not manipulate the new registers to not allow me to arbitrarily load parts of flash, add breakpoints, etc. Is this not correct?

  • 0 in reply to user13715
    My basic test has been to do an application-only load of my project that uses the SoftDevice. If it boots (as observed via UART output), then the SoftDevice was not erased, and Access Port Protection was not enabled. If it does not boot, the SoftDevice was erased, so Access Port Protection was enabled. I'm doing the loading via Keil uVision.

    What is performed prior to this test? Do you perform an eraseall, program the softdevice and power cycle the board?

    Kenneth

  • 0 in reply to user2111

    I have a Keil target for loading the SoftDevice hex and our (proprietary) Bootloader. That target is set to "Erase Full Chip" when it loads. I just tried manually power-cycling between loading the SD/Boot and the App, and loading the App still worked fine.

  • +1 in reply to user13715

    Then I suspect the Keil flash algorithm disable the APPROTECT when programming SD/Boot, this make sense since it's not intended that a product is programmed from Keil in production and it's better seen from a development platform that APPROTECT is disabled in this case, to check for this you can read out the UICR content and check the content of APPROTECT register _after_ the power cycle.

    I recommend that you erasall from nrfjprog, program softdevice/bootloader using nrfjprog, then execute a power cycle before you try to load the application from Keil.

    Best regards,
    Kenneth

  • 0 in reply to user2111

    nrfjprog seems to meet my needs. Thank you.

Reply Children
No Data
Related
Terms of service