From 9573717cc8c078326fceb2869fe029e98615723b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?=
Date: Tue, 1 Oct 2024 15:44:14 +0200
Subject: [PATCH] [nrf fromtree] platform: nordic_nrf: APPROTECT to lock debugging
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
NRF_APPROTECT and NRF_SECURE_APPROTECT to take precedence over other mechanisms when configuring debugging for TF-M. For nRF53 and nRF91x1 the actual locking of firmware is done elsewhere. This further locks the UICR. nRF9160 supports only hardware APPROTECT. This will lock the APPROTECT / SECUREAPPROTECT in the next boot, when the above settings are configured.
Change-Id: I5e304be0f8a34c0016488d9ec09929bbcb38481f
Signed-off-by: Markus Lassila
Signed-off-by: Frank Audun Kvamtrø
---
 .../nordic_nrf/common/core/target_cfg.c | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
index 953d63710..f9f7fc742 100644
--- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
@@ -807,7 +807,33 @@ enum tfm_plat_err_t system_reset_cfg(void)
 enum tfm_plat_err_t init_debug(void)
 {
-#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA)
+#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT)
+
+#if !defined(DAUTH_CHIP_DEFAULT)
+#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT."
+#endif
+
+#if defined(NRF_APPROTECT)
+ /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/
+ if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT,
+ UICR_APPROTECT_PALL_Protected)) {
+ nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected);
+ } else {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+#endif
+#if defined(NRF_SECURE_APPROTECT)
+ /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */
+ if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT,
+ UICR_SECUREAPPROTECT_PALL_Protected)) {
+ nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT,
+ UICR_SECUREAPPROTECT_PALL_Protected);
+ } else {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+#endif
+
+#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA)
 #if !defined(DAUTH_CHIP_DEFAULT)
 #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR."
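Review bot: Neither UICR write is verified: in the `NRF_APPROTECT` block `nrfx_nvmc_word_write()` is called and execution falls through as if the lock were in place, and the `NRF_SECURE_APPROTECT` block does the same. Since this is the step that closes the debug port, a read-back after each write would turn a silent failure into a boot error, e.g. `if (NRF_UICR_S->APPROTECT != UICR_APPROTECT_PALL_Protected) { return TFM_PLAT_ERR_SYSTEM_ERR; }`. The write also appears to run on every boot even when the register already reads Protected; guarding it with the same comparison would avoid repeated UICR writes, which presumably count against the flash word-write limit between erases. The rest of init_debug lies outside the hunk, so the return path after these blocks is not visible here.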