CTRL-AP - Control access port

The control access port (CTRL-AP) is a custom access port that enables control of the device when other debug access ports (DAP) have been disabled by the access port protection.

For an overview of the other debug access ports, see DAP - Debug access port.

Figure 1. Control access port details
Control access port details

Access port protection (APPROTECT) blocks the debugger access to the AHB-AP, and prevents read and write access to all CPU registers and memory-mapped addresses. It is possible to enable access port protection for both secure and non-secure mode, using registers UICR.SECUREAPPROTECT and UICR.APPROTECT respectively. The debugger can use register APPROTECT.STATUS to read the status of secure and non-secure access port protection.

CTRL-AP has the following features:
  • Soft reset
  • Erase all
  • Mailbox interface
  • Debug of protected devices

Reset request

The debugger can request the device to perform a soft reset.

Register RESET is used to request the soft reset. Once the soft reset is performed, the reset reason is accessible to on-chip firmware through register RESETREAS. For more information about the soft reset, see Reset.

Erase all

Erase all function gives debugger the possibility of triggering an erase of flash, user information configuration registers (UICR), RAM, including all peripheral settings, as well as removing the access port protection.

To trigger an erase all function, the debugger can write to register ERASEALL. Register ERASEALLSTATUS will read as busy for the duration of the operation. After the next reset, the access port protection is removed.

If the debugger performs an erase all function on a slave MCU, the erase sequence will always erase the application MCU first, independently of how the application is protected, before erasing the slave MCU.

Erase all protection

It is possible to prevent debugger from performing an erase all operation by writing to register ERASEPROTECT. Once the register is configured and the device reset, the CTRL-AP ERASEALL operation is disabled, and all flash write and erase operations are restricted to firmware. In addition, it is still possible to write/erase from debugger as long as APPROTECT is not set.

Note: Setting ERASEPROTECT has no effect on debugger access, only on erase all operation.

Register ERASEPROTECT.STATUS holds the status for erase protection.

Mailbox interface

CTRL-AP implements a mailbox interface which enables the CPU to communicate with a debugger over the SWD interface.

The mailbox interface consists of a transmit register MAILBOX.TXDATA with its corresponding status register MAILBOX.TXSTATUS, and a receive register MAILBOX.RXDATA with its corresponding status register MAILBOX.RXSTATUS. Status bits in registers TXSTATUS/RXSTATUS will be set and cleared automatically when registers TXDATA/RXDATA are written to and read from, independently of the direction.
Figure 2. Mailbox register interface
Mailbox register interface, illustrating the data flow between debugger and CPU

Mailbox transfer sequence

  1. Sender writes TXDATA
  2. Hardware sets sender's TXSTATUS to DataPending
  3. Hardware sets receiver's RXSTATUS to DataPending
  4. Receiver reads RXDATA
  5. Hardware sets receiver's RXSTATUS to NoDataPending
  6. Hardware sets sender's TXSTATUS to NoDataPending

Disabling erase protection

The erase protection mechanism can be disabled in order to return a device to factory default settings upon next reset.

The debugger can read the erase protection status in register ERASEPROTECT.STATUS.

If ERASEPROTECT has been enabled, both the debugger and on-chip firmware must write the same non-zero 32-bit KEY value into their respective ERASEPROTECT.DISABLE registers in order to disable the erase protection. As soon as both registers have been written with the same non-zero 32-bit KEY value, the device is automatically erased as described in Erase all. The access ports will be re-enabled on next reset once the secure erase sequence has completed.

Write-once register ERASEPROTECT.LOCK should be set to 'Locked' as early as possible in the start-up sequence, preferably as soon as on-chip firmware has determined it does not need to communicate with a debugger over the CTRL-AP mailbox interface. Once written, it will not be possible to remove the erase protection until next reset.

Registers

Table 1. Register overview
Register Offset Security Description
RESET 0x000  

System reset request.

 
ERASEALL 0x004  

Perform a secure erase of the device, where flash, SRAM and UICR will be erased in sequence. The device will be returned to factory default settings upon next reset.

 
ERASEALLSTATUS 0x008  

Status register for the ERASEALL operation

 
APPROTECT.STATUS 0x00C  

Status register for UICR APPROTECT and SECUREAPPROTECT configuration

 
ERASEPROTECT.STATUS 0x018  

Status register for UICR ERASEPROTECT configuration

 
ERASEPROTECT.DISABLE 0x01C  

Disable ERASEPROTECT and perform ERASEALL

 
MAILBOX.TXDATA 0x020  

Data sent from the debugger to the CPU

 
MAILBOX.TXSTATUS 0x024  

Status to indicate if data sent from the debugger to the CPU has been read

 
MAILBOX.RXDATA 0x028  

Data sent from the CPU to the debugger

 
MAILBOX.RXSTATUS 0x02C  

Status to indicate if data sent from the CPU to the debugger has been read

 
IDR 0x0FC  

CTRL-AP Identification Register, IDR

 

RESET

Address offset: 0x000

System reset request.

This register is automatically deactivated by writing Erase to ERASEALL, it is then kept inactive until a reset source affecting the debug system is asserted. See Reset behavior.

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

RESET

   

System reset request and status

     

NoReset

0

Write to release reset

Reading '0' means reset is not active

     

Reset

1

Write to hold reset

Reading '1' means reset is active

ERASEALL

Address offset: 0x004

Perform a secure erase of the device, where flash, SRAM and UICR will be erased in sequence. The device will be returned to factory default settings upon next reset.

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A W

ERASEALL

   

Return device to factory default settings

     

NoOperation

0

No operation

     

Erase

1

Erase flash, SRAM and UICR in sequence

ERASEALLSTATUS

Address offset: 0x008

Status register for the ERASEALL operation

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

ERASEALLSTATUS

   

Status bit for the ERASEALL operation

     

Ready

0

ERASEALL is ready

     

Busy

1

ERASEALL is busy (on-going)

APPROTECT.STATUS

Address offset: 0x00C

Status register for UICR APPROTECT and SECUREAPPROTECT configuration

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                             B A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

APPROTECT

   

Status bit for access port protection

Note: Reset value is auto read from the APPROTECT register in UICR

     

Enabled

0

APPROTECT is enabled

     

Disabled

1

APPROTECT is disabled

B R

SECUREAPPROTECT

   

Status bit for secure access port protection

Note: Reset value is auto read from the SECUREAPPROTECT register in UICR

     

Enabled

0

SECUREAPPROTECT is enabled

     

Disabled

1

SECUREAPPROTECT is disabled

ERASEPROTECT.STATUS

Address offset: 0x018

Status register for UICR ERASEPROTECT configuration

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

PALL

   

Status bit for erase protection

Note: Reset value is auto read from the ERASEPROTECT register in UICR

     

Enabled

0

ERASEPROTECT is enabled

     

Disabled

1

ERASEPROTECT is not enabled and ERASEALL can be performed

ERASEPROTECT.DISABLE

Address offset: 0x01C

Disable ERASEPROTECT and perform ERASEALL

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

KEY

   

The ERASEALL sequence will be initiated if value of KEY fields are non-zero and KEY fields match on both CPU and debugger side

MAILBOX.TXDATA

Address offset: 0x020

Data sent from the debugger to the CPU

Writing to this register will automatically set field DataPending in register TXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

Data

   

Data sent from debugger

MAILBOX.TXSTATUS

Address offset: 0x024

Status to indicate if data sent from the debugger to the CPU has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Status

   

Status of register DATA

     

NoDataPending

0

No data pending in register TXDATA

     

DataPending

1

Data pending in register TXDATA

MAILBOX.RXDATA

Address offset: 0x028

Data sent from the CPU to the debugger

Reading from this register will automatically set field NoDataPending in register RXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Data

   

Data sent from CPU

MAILBOX.RXSTATUS

Address offset: 0x02C

Status to indicate if data sent from the CPU to the debugger has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

Status

   

Status of register DATA

     

NoDataPending

0

No data pending in register RXDATA

     

DataPending

1

Data pending in register RXDATA

IDR

Address offset: 0x0FC

CTRL-AP Identification Register, IDR

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID E E E E D D D D C C C C C C C B B B B           A A A A A A A A
Reset 0x12880000 0 0 0 1 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

APID

   

AP Identification

B R

CLASS

   

Access Port (AP) class

     

NotDefined

0x0

No defined class

     

MEMAP

0x8

Memory Access Port

C R

JEP106ID

   

JEDEC JEP106 identity code

D R

JEP106CONT

   

JEDEC JEP106 continuation code

E R

REVISION

   

Revision

Registers

Table 2. Instances
Base address Peripheral Instance Secure mapping DMA security Description Configuration
0x50006000 CTRLAPPERI CTRL_AP_PERI S NA

CTRL-AP-PERI

   
Table 3. Register overview
Register Offset Security Description
MAILBOX.RXDATA 0x400  

Data sent from the debugger to the CPU

 
MAILBOX.RXSTATUS 0x404  

Status to indicate if data sent from the debugger to the CPU has been read

 
MAILBOX.TXDATA 0x480  

Data sent from the CPU to the debugger

 
MAILBOX.TXSTATUS 0x484  

Status to indicate if data sent from the CPU to the debugger has been read

 
ERASEPROTECT.LOCK 0x500  

Lock register ERASEPROTECT.DISABLE from being written until next reset

 
ERASEPROTECT.DISABLE 0x504  

Disable ERASEPROTECT and perform ERASEALL

 

MAILBOX.RXDATA

Address offset: 0x400

Data sent from the debugger to the CPU

Reading from this register will automatically set field NoDataPending in register RXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

RXDATA

   

Data received from debugger

MAILBOX.RXSTATUS

Address offset: 0x404

Status to indicate if data sent from the debugger to the CPU has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

RXSTATUS

   

Status of data in register RXDATA

     

NoDataPending

0

No data pending in register RXDATA

     

DataPending

1

Data pending in register RXDATA

MAILBOX.TXDATA

Address offset: 0x480

Data sent from the CPU to the debugger

Writing to this register will automatically set field DataPending in register TXSTATUS

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

TXDATA

   

Data sent to debugger

MAILBOX.TXSTATUS

Address offset: 0x484

Status to indicate if data sent from the CPU to the debugger has been read

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A R

TXSTATUS

   

Status of data in register TXDATA

     

NoDataPending

0

No data pending in register TXDATA

     

DataPending

1

Data pending in register TXDATA

ERASEPROTECT.LOCK

Address offset: 0x500

Lock register ERASEPROTECT.DISABLE from being written until next reset

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW1

LOCK

   

Lock register ERASEPROTECT.DISABLE from being written until next reset

     

Unlocked

0

Register ERASEPROTECT.DISABLE is writeable

     

Locked

1

Register ERASEPROTECT.DISABLE is read-only

ERASEPROTECT.DISABLE

Address offset: 0x504

Disable ERASEPROTECT and perform ERASEALL

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
ID A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ID Access Field Value ID Value Description
A RW

KEY

   

The ERASEALL sequence will be initiated if value of KEY fields are non-zero and KEY fields match on both CPU and debugger side