Securing production devices

When finalizing work on a Matter device, make sure to adopt the following recommendations before sending the device to production.

Enable AP-Protect

Make sure to enable the AP-Protect feature for the production devices to disable the debug functionality.

Several Nordic Semiconductor SoCs or SiPs supported in the nRF Connect SDK offer an implementation of the access port protection mechanism (AP-Protect). When enabled, this mechanism blocks the debugger from read and write access to all CPU registers and memory-mapped addresses. Accessing these registers and addresses again requires disabling the mechanism and erasing the flash.

See Enabling access port protection mechanism for more information.

Disable debug serial port

Make sure to disable the debug serial port, for example UART, so that logs and shell commands are not accessible for production devices. See the prj_release.conf files in Matter samples for an example of how to disable debug functionalities.