CTRL-AP - Control access port

The control access port (CTRL-AP) is a custom access port that enables control of the device when other access ports in the debug access port (DAP) are disabled by the access port protection.

For overview of other access ports in DAP, see DAP - Debug access port.

Figure 1. Control access port details
Control access port details

Access port protection (APPROTECT) blocks the debugger access to the AHB-AP, and prevents read and write access to all CPU registers and memory-mapped addresses. It is possible to enable access port protection for both secure and non-secure mode, using registers UICR.SECUREAPPROTECT and UICR.APPROTECT respectively. The debugger can use register APPROTECT.STATUS to read the status of secure and non-secure access port protection.

Control access port has the following features:
  • Soft reset
  • Erase all
  • Mailbox interface
  • Debug of protected devices

Reset request

The debugger can request the device to perform a soft reset.

Register RESET is used to request the soft reset. Once the soft reset is performed, the reset reason is accessible to on-chip firmware through register . For more information about the soft reset, see Reset.

Erase all

Erase all function gives debugger the possibility of triggering an erase of flash, user information configuration registers (UICR), RAM, including all peripheral settings, as well as removing the access port protection.

To trigger an erase all function, the debugger can write the register ERASEALL. Register ERASEALLSTATUS will read as busy for the duration of the operation. After the next reset, the access port protection is removed.

For slave MCU's, the ERASEALL command will also affect the application MCU. The ERASEALL command is performed on the application MCU first, independently of how the application is protected, and then on the slave MCU.

Erase all protection

It is possible to prevent debugger from performing an erase all operation by writing to register ERASEPROTECT. Once the register is configured and the device reset, the control access port ERASEALL operation is disabled, and all flash write and erase operations are restricted to firmware. In addition, it is still possible to write/erase from debugger as long as APPROTECT is not set.

Note: Setting ERASEPROTECT has no effect on debugger access, only on erase all operation.

Register ERASEPROTECT.STATUS holds the status for erase protection.

Mailbox interface

CTRL-AP implements a mailbox interface which enables the CPU to communicate with a debugger over the SWD interface.

The mailbox interface consists of a transmit register MAILBOX.TXDATA with its corresponding status register MAILBOX.TXSTATUS, and a receive register MAILBOX.RXDATA with its corresponding status register MAILBOX.RXSTATUS. Status bits in registers TXSTATUS/RXSTATUS will be set and cleared automatically when registers TXDATA/RXDATA are written to and read from, independently of the direction.
Figure 2. Mailbox register interface
Mailbox register interface, illustrating the data flow between debugger and CPU

Mailbox transfer sequence

  1. Sender writes TXDATA
  2. Hardware sets sender's TXSTATUS to DataPending
  3. Hardware sets receiver's RXSTATUS to DataPending
  4. Receiver reads RXDATA
  5. Hardware sets receiver's RXSTATUS to NoDataPending
  6. Hardware sets sender's TXSTATUS to NoDataPending

Unlocking of access port

The access port protection mechanisms can be temporarily bypassed to erase or debug the device.

Note: The mailbox feature of the CTRL-AP can be used by firmware to authenticate the debugger before allowing it to use the access port.

Disabling the erase all protection

To bypass ERASEPROTECT setting, making it possible for the access port to erase all memories, both the debugger and firmware must set the ERASEALL field in their respective ERASEPROTECTDISABLE registers. As soon as both registers have been written, the device is automatically erased using erase all function as described in Erase all, and then the access port is made available.

Note: To prevent misuse, the write-once register ERASEPROTECT.DISABLE should be set to Default as early in the start-up process as possible. Once written, it will not be possible to remove the erase protection until next reset.

Registers

Table 1. Register overview
Register Offset Security Description
RESET 0x000  

Soft reset request.

 
ERASEALL 0x004  

Perform a secure erase of the device. The device will be returned to factory default settings upon next reset.

 
ERASEALLSTATUS 0x008  

Status register for the ERASEALL operation

 
APPROTECT.STATUS 0x00C  

Status register for access port protection

 
ERASEPROTECT.STATUS 0x018  

Status register for UICR ERASEPROTECT configuration

 
ERASEPROTECT.DISABLE 0x01C  

Unlock ERASEPROTECT and perform ERASEALL

 
MAILBOX.TXDATA 0x020  

Data sent from the debugger to the CPU

 
MAILBOX.TXSTATUS 0x024  

Status to indicate if data sent from the debugger to the CPU has been read

 
MAILBOX.RXDATA 0x028  

Data sent from the CPU to the debugger

 
MAILBOX.RXSTATUS 0x02C  

Status to indicate if data sent from the CPU to the debugger has been read

 
IDR 0x0FC  

CTRL-AP Identification Register, IDR

 

RESET

Address offset: 0x000

Soft reset request.

This register is automatically deactivated by writing Erase to ERASEALL, it is then kept inactive until a reset source affecting the debug system is asserted. See Reset behavior.

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

RESET

   

Soft reset request and status

     

NoReset

0

Write to release reset

Reading '0' means reset is not active

     

Reset

1

Write to hold reset

Reading '1' means reset is active

ERASEALL

Address offset: 0x004

Perform a secure erase of the device. The device will be returned to factory default settings upon next reset.

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A W

ERASEALL

   

Erase flash, SRAM and UICR in sequence

     

NoOperation

0

No operation

     

Erase

1

Erase flash, SRAM and UICR in sequence

ERASEALLSTATUS

Address offset: 0x008

Status register for the ERASEALL operation

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

ERASEALLSTATUS

   

Status register for the ERASEALL operation

     

Ready

0

ERASEALL is ready

     

Busy

1

ERASEALL is busy (on-going)

APPROTECT.STATUS

Address offset: 0x00C

Status register for access port protection

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                             B A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

APPROTECT

   

Status bit for access port protection

     

Enabled

0

APPROTECT is enabled

     

Disabled

1

APPROTECT is disabled

B R

SECUREAPPROTECT

   

Status bit for secure access port protection

     

Enabled

0

SECUREAPPROTECT is enabled

     

Disabled

1

SECUREAPPROTECT is disabled

ERASEPROTECT.STATUS

Address offset: 0x018

Status register for UICR ERASEPROTECT configuration

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

PALL

   

ERASEALL status

     

Enabled

0

ERASEALL protection is enabled

     

Disabled

1

ERASELL protection is not enabled and device can be erased

ERASEPROTECT.DISABLE

Address offset: 0x01C

Unlock ERASEPROTECT and perform ERASEALL

This register can only be written once per reset

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW1

KEY

   

Initiate secure erase even though ERASEPROTECT is enabled if KEY fields match

MAILBOX.TXDATA

Address offset: 0x020

Data sent from the debugger to the CPU

Writing to this register will automatically set field DataPending in register TXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

Data

   

Data sent from debugger

MAILBOX.TXSTATUS

Address offset: 0x024

Status to indicate if data sent from the debugger to the CPU has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Status

   

Status of register DATA

     

NoDataPending

0

No data pending in register TXDATA

     

DataPending

1

Data pending in register TXDATA

MAILBOX.RXDATA

Address offset: 0x028

Data sent from the CPU to the debugger

Reading from this register will automatically set field NoDataPending in register RXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Data

   

Data sent from CPU

MAILBOX.RXSTATUS

Address offset: 0x02C

Status to indicate if data sent from the CPU to the debugger has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Status

   

Status of register DATA

     

NoDataPending

0

No data pending in register RXDATA

     

DataPending

1

Data pending in register RXDATA

IDR

Address offset: 0x0FC

CTRL-AP Identification Register, IDR

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID E E E E D D D D C C C C C C C B B B B           A A A A A A A A
Reset 0x12880000 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

APID

   

AP Identification

B R

CLASS

   

Access Port (AP) class

     

NotDefined

0x0

No defined class

     

MEMAP

0x8

Memory Access Port

C R

JEP106ID

   

JEDEC JEP106 identity code

D R

JEP106CONT

   

JEDEC JEP106 continuation code

E R

REVISION

   

Revision

Registers

Table 2. Instances
Base address Peripheral Instance Secure mapping DMA security Description Configuration
0x50006000 CTRLAPPERI CTRL_AP_PERI S NA

CTRL-AP-PERI

   
Table 3. Register overview
Register Offset Security Description
MAILBOX.RXDATA 0x400  

Data sent from the debugger to the CPU

 
MAILBOX.RXSTATUS 0x404  

Status to indicate if data sent from the debugger to the CPU has been read

 
MAILBOX.TXDATA 0x480  

Data sent from the CPU to the debugger

 
MAILBOX.TXSTATUS 0x484  

Status to indicate if data sent from the CPU to the debugger status has been read

 
ERASEPROTECT.LOCK 0x500  

Lock ERASEALL mechanism

 
ERASEPROTECT.DISABLE 0x504  

Unlock ERASEPROTECT and perform ERASEALL

 

MAILBOX.RXDATA

Address offset: 0x400

Data sent from the debugger to the CPU

Reading from this register will automatically set field NoDataPending in register RXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

RXDATA

   

Data received from debugger

MAILBOX.RXSTATUS

Address offset: 0x404

Status to indicate if data sent from the debugger to the CPU has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

RXSTATUS

   

Status of data in register RXDATA

     

NoDataPending

0

No data pending in register RXDATA

     

DataPending

1

Data pending in register RXDATA

MAILBOX.TXDATA

Address offset: 0x480

Data sent from the CPU to the debugger

Writing to this register will automatically set field DataPending in register TXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

TXDATA

   

Data sent to debugger

MAILBOX.TXSTATUS

Address offset: 0x484

Status to indicate if data sent from the CPU to the debugger status has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

TXSTATUS

   

Status of data in register TXDATA

     

NoDataPending

0

No data pending in register TXDATA

     

DataPending

1

Data pending in register TXDATA

ERASEPROTECT.LOCK

Address offset: 0x500

Lock ERASEALL mechanism

This register can only be written once per reset

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW1

ERASEPROTECTLOCK

   

Enable or disable the ERASEALL mechanism

     

Unlocked

0

ERASEALL can be issued

     

Locked

1

ERASEALL is locked

ERASEPROTECT.DISABLE

Address offset: 0x504

Unlock ERASEPROTECT and perform ERASEALL

This register can only be written once per reset

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

KEY

   

Initiate secure erase even though ERASEPROTECT is enabled if KEY fields match