New versions of the nRF52 chips have an improved implementation of the Acess Port Protection Mechanism. Their APPROTECT bit is set to 1 by default, such that the firmware in Flash memory cannot be accessed through the SWD port.
In other words - OpenOCD can no longer connect to the board.
Trial 1: Use nrfjprog
One solution is to use the Nordic nrfjprog tool to clear the APPROTECT bit:
$ nrfjprog --recover
This will:
- Erase the Flash memory.
- Clear the
APPROTECTbit. - Write a small firmware to Flash, to clear the
APPROTECTbit after a reset.
Unfortunately, this is only a short-term solution. Yes, now OpenOCD can reach the chip. But once OpenOCD has flashed your application firmware to the chip, the APPROTECT again defaults to 1 and OpenOCD cannot reach the chip anymore.
Trial 2: Add the unlock action to the makefile recipe
The nrfjprog tool only has a temporary effect. We could solve that issue by invoking the tool each time the user presses the flash button. In other words, it would require a change in our dashboard.mk makefile:
# 6. FLASH RULES
# ==============
# The 'flash' target flashes the binary to the target microcontroller. To
# achieve this, it invokes the OpenOCD tool:
.PHONY: flash
flash: $(BINARIES) print_flash disable_approtect
openocd -f $(OPENOCD_PROBEFILE)\
-f $(OPENOCD_CHIPFILE)\
-c "program {$(ELF_FILE)} verify reset; shutdown;"
# Newer devices of the nRF52 series have an improved implementation of the
# access port protection mechanism. Invoke the nrfjprog tool to clear the
# APPROTECT bit.
.PHONY: disable_approtect
disable_approtect:
nrfjprog --recover
Unfortunately, this approach is impossible. I’ll explain why.
For OpenOCD to connect to the board, the user must install the WinUSB driver for the on-board J-Link probe. The UsbDriverTool (download from Automatic USB driver installer for FTDI and LibUSB drivers) can be used for that purpose:
Once this is done, OpenOCD is happy. But the nrfjprog tool can’t connect anymore. The user can restore the original driver to make nrfjprog happy:
But then, OpenOCD won’t work anymore. In other words: OpenOCD and nrfjprog cannot coexist.
Trial 3: Unlock the APPROTECT bit with OpenOCD
According to this source (nRF52 Debug Resurrection (APPROTECT Bypass) Part 1 - LimitedResults), it should be possible to clear the APPROTECT bit with OpenOCD instead of nrfjprog:
# Read APPROTECTSTATUS
# (0x0 Access port protection enabled - 0x1 APP disabled)
> nrf52.dap apreg 1 0x0c 0x00000000
# Write ERASEALL register
> nrf52.dap apreg 1 0x04 0x01
> reset
So I tried to add that to our makefile rules:
# 6. FLASH RULES
# ==============
# The 'flash' target flashes the binary to the target microcontroller. To
# achieve this, it invokes the OpenOCD tool:
.PHONY: flash
flash: $(BINARIES) print_flash disable_approtect
"$(FLASHTOOL)" -f $(OPENOCD_PROBEFILE)\
-f $(OPENOCD_CHIPFILE)\
-c "program {$(ELF_FILE)} verify reset; shutdown;"
# Newer devices of the nRF52 series have an improved implementation of the
# access port protection mechanism.
.PHONY: disable_approtect
disable_approtect:
"$(FLASHTOOL)" -f $(OPENOCD_PROBEFILE)\
-f $(OPENOCD_CHIPFILE)\
-c "init; halt; nrf52.dap apreg 1 0x0c 0x00000000; nrf52.dap apreg 1 0x04 0x01; shutdown;"
It didn’t work.
Trial 4: Upgrade SDK
According to this source (Working with the nRF52 Series' improved APPROTECT - Blogs - Nordic Blog - Nordic DevZone) the new Nordic SDK has a preprocessor flag for this APPROTECT bit. When that flag is set, the application firmware (the resulting binary from the build) will always clear the APPROTECT bit at startup.
This solution would therefore require me to:
- Upgrade the Nordic SDK on my computer.
- Regenerate the Nordic projects (and make sure they still work - lots of things can have changed since the last SDK I used to create the Nordic projects).
- Upload the new Nordic projects to our server.
- Update our webpage that explains how to install the Nordic boards (the J-Link probes on the board, see https://new.embeetle.com/#supported-hardware/probes/jlink). I must explain how the user should use the
nrfjprogtool to unlock theAPPROTECTbit before installing theWinUSBdriver for OpenOCD. - Hope the user will only flash firmware that unlocks the
APPROTECTbit at startup. Otherwise, his board is bricked, and must be “unbricked” again with thenrfjprogtool.
This solution will require a lot of time to implement, and might still fail (see point 5).
Resources
- nRF52 Debug Resurrection (APPROTECT Bypass) Part 1 - LimitedResults
- Working with the nRF52 Series' improved APPROTECT - Blogs - Nordic Blog - Nordic DevZone
- Trying to disable APPROTECT for debugging - Nordic Q&A - Nordic DevZone - Nordic DevZone
- unlocking NRF52480 - Nordic Q&A - Nordic DevZone - Nordic DevZone