Table 11. Security features for STM32L5, STM32U5, STM32H503/5, STM32H72x/73/74x/75, STM32H7Ax/7Bx, STM32F7 devices

Feature | STM32L5 | STM32U5 | STM32H503 | STM32H5 | STM32H72x/73 | STM32H74x/75 | STM32H7Ax/7Bx | STM32F7
Cortex core | Cortex‑M33 | Cortex‑M7
RDP additional protection | RDP four levels, backup registers, SRAM2 | RDP four levels, backup registers, SRAM3 | Product state instead of RDP | Backup SRAM, backup registers, OTFDEC | Backup SRAM, backup registers | Backup SRAM, backup registers, OTFDEC | Backup SRAM
Flash WRP | Up to four protected areas with 2‑K or 4‑Kbyte granularity | Two areas per bank defined by page range | By sectors (128 Kbytes) | By group of 4 8‑Kbyte sectors | By sectors (16 K, 64 K, 128 K, or 256 Kbytes)
SRAM WRP | SRAM2, with 1‑Kbyte granularity | No | No | No | No
PCROP | No (replaced by TrustZone) | No | No (replaced by TrustZone) | By area with 256‑byte granularity | By area with 256‑byte granularity, one area per bank | By sectors
HDP | Up to two secure hide areas (HDP) inside the TrustZone secure domain | 3‑stage temporal isolation, one per bank | Yes (secure user memory, with 256‑byte granularity) | No
Firewall | No (replaced by TrustZone) | No | No (replaced by TrustZone) | No | No | No | No
MPU | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
OTP | 512 bytes | 2 Kbytes | No | No | No | No
UBE (1) | Yes (boot lock feature) | Yes | Yes | Yes (unique entry point in secure access) | No
Internal tamper detection | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Hardware crypto | AES, HASH, PKA | HASH | AES, HASH, OTFDEC, PKA | AES, DES, HASH, OTFDEC | AES, HASH
RNG | SP 800‑90‑B | SP800‑90‑A

Secure software
SBSFU | No | No | No | No | Yes | Yes | Yes | Yes
TF-M | Yes | Yes | No | Yes | No | No | No | No
KMS | No | No | No | Yes | No | No | No | No

1. Unique boot entry.

6.2 Readout protection (RDP)

The readout protection is a global flash memory protection allowing the embedded firmware code to be protected
against copy, reverse engineering, dumping, using debug tools, or code injection in SRAM. The user must set
this protection after the binary code is loaded to the embedded flash memory.
The RDP applies to all STM32 devices for:
• the main flash memory
• the option bytes (level 2 only)
AN5156 - Rev 8