4.4 Memory protections
Memory protections are of the highest importance when considering system security. Storage containing sensitive
code and data must not be accessible from any unexpected interface (debugging port) or an unauthorized
process (internal threat).
Depending on the asset to be protected (code or data), various mechanisms can be set to establish protections
at the source of the unauthorized access (external port, internal process) or on the memory type to be protected
(flash, SRAM, or external memory).
Part of the access filtering can be performed by the memory interfaces (such as the flash controller), the bus
controller peripheral (firewall), or through the core MPU if it is available. Details on proprietary protections
(secure hide protection, PCROP, WRP, RDP) can be found in Section 6 STM32 security features.
Embedded flash memory, embedded SRAM, and external memories are designed for different purposes. Their
respective protection mechanisms reflect these differences.
The figure below provides a simple view of the memory access architecture in a microcontroller.
Figure 5. Memory types
[Figure not reproduced. Blocks shown in the diagram: STM32 microcontroller; bus masters (such as CPU or DMA); flash controller; system flash memory and flash user memory (Bank 1 and Bank 2); OTP; SRAM; FMC; NOR/NAND flash; SDRAM; Octo-SPI or Quad-SPI; OTFDEC; Octo-SPI or Quad-SPI flash.]
The table below summarizes the particularities of each type of memory and the typical protection features.
Table 5. Memory types and associated protection

| Memory | Types | Description | Protections |
|---|---|---|---|
| System flash memory | Internal, NVM, ROM | ROM part of the flash memory. Embeds device bootloader and other ST services. | Cannot be updated (erased/written). A part may also be unreadable. |
| User flash memory | Internal, NVM | Flash memory for user application | Internal protections: RDP; WRP (not for SRAM) |
AN5156 - Rev 8