1 /*
2 
3 Copyright (c) 2009-2023 ARM Limited. All rights reserved.
4 
5     SPDX-License-Identifier: Apache-2.0
6 
7 Licensed under the Apache License, Version 2.0 (the License); you may
8 not use this file except in compliance with the License.
9 You may obtain a copy of the License at
10 
11     www.apache.org/licenses/LICENSE-2.0
12 
13 Unless required by applicable law or agreed to in writing, software
14 distributed under the License is distributed on an AS IS BASIS, WITHOUT
15 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 See the License for the specific language governing permissions and
17 limitations under the License.
18 
19 NOTICE: This file has been modified by Nordic Semiconductor ASA.
20 
21 */
22 
23 #ifndef SYSTEM_NRF91_APPROTECT_H
24 #define SYSTEM_NRF91_APPROTECT_H
25 
26 #include "nrf.h"
27 #include "nrf91_erratas.h"
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 /* Function that handles firmware-driven enabling or disabling of APPROTECT on devices where it is supported.
34         If ENABLE_APPROTECT is defined, the FW will lock the fw branch of the APPROTECT mechanism,
35                             preventing it from being opened.
36         If ENABLE_APPROTECT_USER_HANDLING is defined, the FW will not write to the fw branch of the APPROTECT mechanism.
37                             This allows later stages of the fw to handle APPROTECT,
38                             for example to implement authenticated debug.
39         Otherwise, the fw branch state is loaded from UICR.
40 
41          The same mechanism is implemented for SECURE APPROTECT, with the macros
42          ENABLE_SECURE_APPROTECT and ENABLE_SECURE_APPROTECT_USER_HANDLING. */
43 
nrf91_handle_approtect(void)44 static inline void nrf91_handle_approtect(void)
45 {
46     if (!nrf91_errata_36())
47     {
48         /* Target device does not support firmware-driven approtect. */
49         return;
50     }
51     #if defined (NRF91_ERRATA_36_PRESENT) && NRF91_ERRATA_36_PRESENT
52         #if defined (ENABLE_APPROTECT)
53             /* Prevent processor from unlocking APPROTECT soft branch after this point. */
54             NRF_APPROTECT_S->APPROTECT.FORCEPROTECT = (APPROTECT_APPROTECT_FORCEPROTECT_FORCEPROTECT_Force << APPROTECT_APPROTECT_FORCEPROTECT_FORCEPROTECT_Pos);
55 
56         #elif defined (ENABLE_APPROTECT_USER_HANDLING)
57                 /* Do nothing, allow user code to handle APPROTECT. Use this if you want to enable authenticated debug. */
58 
59         #else
60             /* Load APPROTECT soft branch from UICR.
61                 If UICR->APPROTECT is disabled, APPROTECT->APPROTECT will be disabled. */
62             NRF_APPROTECT_S->APPROTECT.DISABLE = NRF_UICR_S->APPROTECT == UICR_APPROTECT_PALL_HwUnprotected ? APPROTECT_APPROTECT_DISABLE_DISABLE_SwUnprotected : 0ul;
63         #endif
64 
65         /* Secure APPROTECT is only available for Application core. */
66         #if defined (ENABLE_SECURE_APPROTECT)
67             /* Prevent processor from unlocking SECURE APPROTECT soft branch after this point. */
68             NRF_APPROTECT_S->SECUREAPPROTECT.FORCEPROTECT = (APPROTECT_SECUREAPPROTECT_FORCEPROTECT_FORCEPROTECT_Force << APPROTECT_SECUREAPPROTECT_FORCEPROTECT_FORCEPROTECT_Pos);
69 
70         #elif defined (ENABLE_SECURE_APPROTECT_USER_HANDLING)
71                 /* Do nothing, allow user code to handle SECURE APPROTECT. Use this if you want to enable authenticated debug. */
72 
73         #else
74             /* Load SECURE APPROTECT soft branch from UICR.
75                 If UICR->SECUREAPPROTECT is disabled, APPROTECT->SECUREAPPROTECT will be disabled. */
76             NRF_APPROTECT_S->SECUREAPPROTECT.DISABLE = NRF_UICR_S->SECUREAPPROTECT == UICR_SECUREAPPROTECT_PALL_HwUnprotected ? APPROTECT_SECUREAPPROTECT_DISABLE_DISABLE_SwUnprotected : 0ul;
77         #endif
78     #endif
79 }
80 
81 #ifdef __cplusplus
82 }
83 #endif
84 
85 #endif /* SYSTEM_NRF91_APPROTECT_H */
86