====== APPROTECT ======

===== what is APPROTECT =====

Access port protection mechanism (AP-Protect). When enabled, this mechanism blocks the debugger from read and write access to all CPU registers and memory-mapped addresses. Accessing these registers and addresses again requires disabling the mechanism and erasing the flash.

Because APPROTECT was easy to bypass by power glitching, the latest chip revisions contain an extended implementation: to disable protection, it has to be disabled both in "HW" (''UICR'') and in software (''APPROTECT.DISABLE'').

See details:
  * [[https://docs.nordicsemi.com/bundle/ps_nrf52840/page/dif.html#ariaid-title3|Access port protection]]
  * [[https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/security/ap_protect.html|Enabling access port protection mechanism]]
  * [[https://devzone.nordicsemi.com/f/nordic-q-a/96590/how-to-disable-approtect-permanently-dfu-is-needed|How to disable APPROTECT permanently? DFU is needed]]
  * [[https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect|Working with the nRF52 Series' improved APPROTECT]]

===== recover =====

Sometimes flashing of an NRF chip fails without an apparent reason. The next flash attempt also fails because the device is locked and ''recover'' is needed. This means that the chip flash is protected and cannot be read or written, so the protection has to be removed.

Summary:
  * due to [[https://docs.nordicsemi.com/bundle/errata_nRF52840_Rev3/page/ERR/nRF52840/Rev3/latest/config_840_249.html#config_840_249|[249]]] APPROTECT is enabled by default after startup
  * the application needs to switch off APPROTECT; this is performed automatically in NRF's startup code: ''3rdParty/nrf5-sdk/modules/nrfx/mdk/system_nrf52.c''
  * so if flashing is interrupted due to SWD errors (speed too high), the MCU will be protected.
  * I suspect ''nrfjprog'' is not adapted to the latest changes. Usage of ''--chiperase'' and ''--verify'' causes problems. Intermediate reset between phases (-> APPROTECT enable) ...
  * "nrfjprog's recover operation writes ''UICR.APPROTECT'' to ''HwDisabled'' and **programs a small piece of firmware** to the flash to ensure that the device continues to unlock itself at reset."

===== bypass APPROTECT =====

  * [[https://www.youtube.com/watch?v=tMPD0kBG_So|HowTo bypass APPROTECT of nRF52832 or nRF52840 with ESP32 Power glitching]]
  * [[https://github.com/atc1441/ESP32_nRF52_SWD|ESP32 SWD Flasher for nRF52]]
  * [[https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/working-with-the-nrf52-series-improved-approtect|nRF52 Debug Resurrection (APPROTECT Bypass) Part 1]]
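
The lock-up described in the recover summary above, as a small C model of the two gates (an added example, not code from Nordic's SDK or ''nrfjprog''). The ''0x5A'' register values and the copy performed by the startup code are assumptions taken from Nordic's MDK naming; ''chip_t'' and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed register values (Nordic MDK naming); not quoted on this page. */
#define HW_DISABLED  0x5AUL        /* UICR.APPROTECT = HwDisabled */
#define SW_DISABLE   0x5AUL        /* APPROTECT.DISABLE = SwDisable */
#define FLASH_ERASED 0xFFFFFFFFUL  /* erased UICR word */

typedef struct {                /* hypothetical model, not a register map */
    uint32_t uicr_approtect;    /* non-volatile, survives reset */
    uint32_t approtect_disable; /* volatile, cleared by every reset */
    bool     startup_code;      /* flash holds code that performs the unlock */
    bool     erase_window;      /* port left open after a full erase */
} chip_t;

/* The debugger gets in only if both gates are open (or right after erase). */
bool debug_port_open(const chip_t *c) {
    return c->erase_window || (c->uicr_approtect == HW_DISABLED &&
                               c->approtect_disable == SW_DISABLE);
}

/* Reset re-arms protection; startup code (if any) is modelled as copying UICR into DISABLE. */
void chip_reset(chip_t *c) {
    c->erase_window = false;
    c->approtect_disable = c->startup_code ? c->uicr_approtect : 0;
}

/* Full chip erase: flash and UICR wiped, port stays open until reset. */
void chip_erase(chip_t *c) {
    *c = (chip_t){ FLASH_ERASED, 0, false, true };
}

/* recover as quoted on this page: erase, HwDisabled, small unlock firmware. */
void chip_recover(chip_t *c) {
    *c = (chip_t){ HW_DISABLED, 0, true, true };
}

/* Apply op (erase or recover), reset, and report whether the port is open. */
static bool open_after(void (*op)(chip_t *)) {
    chip_t c; op(&c); chip_reset(&c); return debug_port_open(&c);
}
bool open_after_interrupted_flash(void) { return open_after(chip_erase); }
bool open_after_recover(void)           { return open_after(chip_recover); }

int main(void) {
    printf("interrupted flash: %s\n", open_after_interrupted_flash() ? "open" : "locked");
    printf("after recover:     %s\n", open_after_recover() ? "open" : "locked");
}
```

In this model an erase followed by a reset leaves both gates closed, while ''recover'' followed by a reset leaves the port open because the small firmware re-opens the software gate on every boot.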