← Back to roadmap
Partial

Secure debug / APPROTECT

Priority 7 - Security Hardware

$0 / $5,7500% funded
Fund$5,750
$0 / $5,750 - 0%
As a security engineer, I want vemu to actually enforce APPROTECT/ERASEPROTECT debug-access locks, so that I can validate anti-tamper debug-authentication firmware instead of only observing an always-unlocked mailbox.

Why it matters

Observe & script DAP-style debug-auth firmware flows

Summary

Debugger mailbox + APPROTECT/ERASEPROTECT register model (lock not enforced)

Scope of work

Partially modeled. Complete the missing mechanics of Secure debug / APPROTECT. What it is: Debugger mailbox + APPROTECT/ERASEPROTECT register model (lock not enforced). Why it matters: Observe & script DAP-style debug-auth firmware flows.

Current state

Status: Partially implemented. Notes / evidence: nrf_ctrlap.rs CTRL-AP mailbox fully modeled; APPROTECT/SECUREAPPROTECT LOCK/DISABLE registers stored + emit events but do NOT gate debug access (protection always disabled; key resets to 0x50FA50FA).

Blocked by 1

Fund these first - this work can't be completed until they ship.

  • Done

Activity log

  1. Feature defined and added to the roadmap

  2. Funding goal set to $5,750

  3. Implementation status: Partial