Enabling device protection

There are several ways to protect nRF9160 devices. Access Port Protection (APPROTECT) secures the access port, Erase Protection (ERASEPROTECT) stops the device from being erased, and Secure Access Port Protection (SECUREAPPROTECT) stops unauthorized access to the secure domain.

Note: If the device has activated both APPROTECT and ERASEPROTECT, it cannot be recovered without a proper software solution. See Checking if APPROTECT is enabled for more information.

APPROTECT

APPROTECT blocks debugger read/write access to all CPU registers and memory-mapped addresses.

To check if APPROTECT is already enabled, read the UICR.APPROTECT (0x00FF8000) register. If this register has a value other than 0xFFFFFFFF, the protection is already enabled. If the register shows the device as unprotected, write any value other than 0xFFFFFFFF to the register. The protection activates after a reset. If you are also activating ERASEPROTECT or SECUREAPPROTECT, wait to reset until all the protections are set.

ERASEPROTECT

ERASEPROTECT blocks NVMC ERASEALL and CTRL-AP.ERASEALL functionality.

To check if ERASEPROTECT is already enabled, read the UICR.ERASEPROTECT (0x00FF8030) register. If this register has a value other than 0xFFFFFFFF, the protection is already enabled. If the register shows the device as unprotected, write any value other than 0xFFFFFFFF to the register. The protection activates after a reset. If you are also activating APPROTECT or SECUREAPPROTECT, wait to reset until all the protections are set.

SECUREAPPROTECT

SECUREAPPROTECT blocks debugger read/write access to all secure CPU registers and secure memory-mapped addresses.

To check if SECUREAPPROTECT is already enabled, read the UICR.SECUREAPPROTECT (0x00FF802C) register. If this register has a value other than 0xFFFFFFFF, the protection is already enabled. If the register shows the device as unprotected, write any value other than 0xFFFFFFFF to the register. The protection activates after a reset. If you are also activating APPROTECT or ERASEPROTECT, wait to reset until all the protections are set.
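
The following added example (not part of the original documentation or any Nordic tool) runs the check, write, and single-reset sequence described above against a simulated device. The SimulatedProbe class, its method names, the enable() helper, and the write value 0x00000000 are assumptions made for illustration; only the register addresses and the 0xFFFFFFFF rule come from this page.

```python
UNSET = 0xFFFFFFFF  # register value that means "not protected"

# UICR register addresses as listed on this page.
UICR = {
    "APPROTECT": 0x00FF8000,
    "SECUREAPPROTECT": 0x00FF802C,
    "ERASEPROTECT": 0x00FF8030,
}

class SimulatedProbe:
    """Constructed in-memory stand-in for a debugger session (hypothetical API)."""

    def __init__(self, preset=None):
        self.mem = {addr: UNSET for addr in UICR.values()}
        self.mem.update(preset or {})
        self.resets = 0

    def read_u32(self, addr):
        return self.mem[addr]

    def write_u32(self, addr, value):
        self.mem[addr] = value

    def reset(self):
        self.resets += 1

def status(probe):
    """Map each protection name to True if its register is not 0xFFFFFFFF."""
    return {name: probe.read_u32(addr) != UNSET for name, addr in UICR.items()}

def enable(probe, wanted, value=0x00000000, allow_unrecoverable=False):
    """Write the requested protections, then reset once. Returns names written."""
    if value == UNSET:
        raise ValueError("0xFFFFFFFF leaves the register unprotected")
    before = status(probe)
    written = [n for n in wanted if not before[n]]  # KeyError on unknown names
    after = {n: before[n] or n in wanted for n in UICR}
    # Page note: APPROTECT plus ERASEPROTECT needs a software recovery path.
    if written and after["APPROTECT"] and after["ERASEPROTECT"] \
            and not allow_unrecoverable:
        raise PermissionError("APPROTECT + ERASEPROTECT needs allow_unrecoverable=True")
    for name in written:
        probe.write_u32(UICR[name], value)
    if written:
        probe.reset()  # one reset after all writes, as the page instructs
    return written
```

The guard refuses to end up with both APPROTECT and ERASEPROTECT set unless the caller opts in, which matches the recovery note at the top of this page.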