STM32F1xx:

 

1. Protections:

The user area of the Flash memory can be protected against read by untrusted code. The pages of the Flash memory can also be protected against unwanted write due to loss of program counter contexts.

The write-protection granularity is then of:

● four pages for low- and medium-density devices

● two pages for high-density and connectivity line devices.

 

1.1 Read protection:

The read protection is activated by setting the RDP option byte and then, by applying a system reset to reload the new RDP option byte.

Note: If the read protection is set while the debugger is still connected through JTAG/SWD, apply a POR (power-on reset) instead of a system reset (without debugger connection).

Once the protection byte has been programmed:

● Main Flash memory read access is not allowed except for the user code (when booting from main Flash memory itself with the debug mode not active).

● Pages 0-3 (for low- and medium-density devices), or pages 0-1 (for high-density and connectivity line devices) are automatically write-protected. The rest of the memory can be programmed by the code executed from the main Flash memory (for IAP, constant storage, etc.), but it is protected against write/erase (but not against mass erase) in debug mode or when booting from the embedded SRAM.

● All features linked to loading code into and executing code from the embedded SRAM are still active (JTAG/SWD and boot from embedded SRAM) and this can be used to disable the read protection. When the read protection option byte is altered to a memory-unprotect value, a mass erase is performed.

● Main Flash memory access through code executed from SRAM or FSMC, and Flash access through data read using DMA1, DMA2, JTAG, SWV (serial wire viewer), SWD (serial wire debug), ETM and boundary scan are not allowed.

Flash memory protection status:

RDP byte value RDP complement value Read protection status 0xFF 0xFF Protected RDPRT Complement of RDP byte Not protected Any value Not the complement value of RDP Protected

Note: Erasing the option byte block will not trigger a mass erase as the erased value (0xFF) corresponds to a protected value.

Unprotection:

To disable the read protection from the embedded SRAM:

● Erase the entire option byte area. As a result, the read protection code (RDP) will be 0xFF. At this stage the read protection is still enabled.

● Program the correct RDP code 0x00A5 to unprotect the memory. This operation first forces a Mass Erase of the main Flash memory.

● Reset the device (POR Reset) to reload the option bytes (and the new RDP code) and, to disable the read protection.

Note: The read protection can be disabled using the boot loader (in this case only a System Reset is necessary to reload the option bytes).

 

1.2 Write protection:

In high-density and connectivity line devices, from page 0 to page 61, write protection is implemented with a granularity of two pages at a time. The remaining memory block (from page 62 to page 255 in high-density devices, and from page 62 to page 127 in connectivity line devices) is write-protected at once.

In low- and medium-density devices, write protection is implemented with a granularity of four pages at a time.

If a program or an erase operation is performed on a protected page, the Flash memory returns a protection error flag on the Flash memory Status Register (FLASH_SR).

The write protection is activated by configuring the WRP[3:0] option bytes, and then by applying a system reset to reload the new WRPx option bytes.

Unprotection:

To disable the write protection, two application cases are provided:

● Case 1: Read protection disabled after the write unprotection:

– Erase the entire option byte area by using the OPTER bit in the Flash memory control register (FLASH_CR)

– Program the correct RDP code 0x00A5 to unprotect the memory. This operation first forces a Mass Erase of the main Flash memory.

– Reset the device (system reset) to reload the option bytes (and the new WRP[3:0] bytes), and to disable the write protection

● Case 2: Read protection maintained active after the write unprotection, useful for inapplication programming with a user boot loader:

– Erase the entire option byte area by using the OPTER bit in the Flash memory control register (FLASH_CR)

– Reset the device (system reset) to reload the option bytes (and the new WRP[3:0] bytes), and to disable the write protection.

 

1.3 Option byte block write protection:

The option bytes are always read-accessible and write-protected by default. To gain write access (Program/Erase) to the option bytes, a sequence of keys (same as for lock) has to be written into the OPTKEYR. A correct sequence of keys gives write access to the option bytes and this is indicated by OPTWRE in the FLASH_CR register being set. Write access can be disabled by resetting the bit through software.

 

2 Option byte description:

There are eight option bytes. They are configured by the end user depending on the application requirements. As a configuration example, the watchdog may be selected in hardware or software mode.

A 32-bit word is split up as follows in the option bytes.

Option byte format:

31-24 23-16 15-8 7-0 complemented option byte 1 Option byte 1 complemented option byte 0Option byte 0

The organization of these bytes inside the information block is as shown in next table.

The option bytes can be read from the memory locations listed in next table or from the Option byte register (FLASH_OBR).

Note: The new programmed option bytes (user, read/write protection) are loaded after a system reset.

Option byte organization:

Address [31:24] [23:16] [15:8] [7:0] 0x1FFF F800 nUSER USER nRDP RDP 0x1FFF F804 nData1 Data1 nData0 Data0 0x1FFF F808 nWRP1 WRP1 nWRP0 WRP0 0x1FFF F80C nWRP3 WRP3 nWRP2 WRP2

 

3 Unique device ID register (96 bits):

The unique device identifier is ideally suited:

● for use as serial numbers (for example USB string serial numbers or other end applications)

● for use as security keys in order to increase the security of code in Flash memory while using and combining this unique ID with software cryptographic primitives and protocols before programming the internal Flash memory

● to activate secure boot processes, etc.

The 96-bit unique device identifier provides a reference number which is unique for any device and in any context. These bits can never be altered by the user. The 96-bit unique device identifier can also be read in single bytes/half-words/words in different ways and then be concatenated using a custom algorithm.

Base address: 0x1FFF F7E8

 

STMicroelectronics

 

Ask your question: RussianSemiResearch@ya.ru

 

 
RussianSemiResearch. © 2008-2018.E-mail: RussianSemiResearch@ya.ru