Memory | Types | Description | Protections
SRAM | Internal, volatile | Working memory for stack, heap or buffers. Can be used to execute the firmware downloaded from internal or external non-volatile memories. | TrustZone; PCROP (not for SRAM); OTP (not in SRAM); Firewall; Secure hide protection (not for SRAM); MPU
NAND, NOR, Octo- or Quad-SPI flash memory | External, NVM | Additional memory for applications or data storage | Cryptography; Write protection (on the flash device); TrustZone
SDRAM | External, volatile | Additional RAM for application execution | Cryptography
4.4.1 System flash memory
In STM32 MCUs, the system memory is a read-only part (ROM) of the embedded flash memory, dedicated to the ST
bootloader. Some devices also host secure services (RSS) in this area. Because this part cannot be modified, its
authenticity and integrity are guaranteed. The bootloader is readable, since it does not contain any sensitive
algorithm; some parts of the RSS are hidden and cannot be read by the user.
The protection attribute on the system flash memory cannot be modified.
4.4.2 User flash memory
This is the main user memory, used to store firmware and non-volatile data. It is part of the embedded flash
memory, and can be protected by a set of memory protection features available on all STM32 MCUs.
External attacks
The embedded flash memory is easy to protect against external attacks, unlike external flash memories: disabling
debug port access with RDP, together with controlled access through the connectivity interfaces, provides sufficient
isolation from the outside.
Associated protection: RDP to disable debug access
Internal attacks
An internal read or write access to the memory can come from malware injected into the device SRAM or from an
untrusted library, so critical code and data must only be accessible by authorized processes.
Associated protections: PCROP, MPU, firewall, secure hide protection, or TrustZone
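The MPU is the protection in that list that every Cortex-M based STM32 offers without TrustZone or a firewall. As an added example (not from AN5156 or any ST code), the following C builds PMSAv7 (Cortex-M3/M4/M7) MPU region values for exactly the threat above: the critical code is privileged read-only, so an untrusted library running unprivileged can neither read nor jump into it, and SRAM is execute-never, so code injected there cannot run. The register block at 0xE000ED90, the bit fields and the AP encodings are those of the ARMv7-M architecture; the flash and SRAM addresses and sizes are the usual STM32 memory map and are assumed here, and `policy`, `mpu_shadow` and the function names are the example's own. It runs on a host to check the encodings and only touches the real registers when built for ARM.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cortex-M (ARMv7-M, PMSAv7) MPU register block, memory-mapped at 0xE000ED90. */
struct mpu_regs {
    volatile uint32_t type; /* MPU_TYPE: DREGION[15:8] = regions implemented */
    volatile uint32_t ctrl; /* MPU_CTRL: ENABLE(0), HFNMIENA(1), PRIVDEFENA(2) */
    volatile uint32_t rnr;  /* MPU_RNR:  region to program */
    volatile uint32_t rbar; /* MPU_RBAR: base address | VALID(4) | REGION[3:0] */
    volatile uint32_t rasr; /* MPU_RASR: XN(28) AP[26:24] TEX/S/C/B SIZE[5:1] ENABLE(0) */
};
#define MPU_HW ((struct mpu_regs *)0xE000ED90UL)

#define MPU_CTRL_ENABLE     (1u << 0)
#define MPU_CTRL_PRIVDEFENA (1u << 2)
#define RASR_ENABLE         (1u << 0)
#define RASR_C              (1u << 17) /* cacheable: normal memory */
#define RASR_S              (1u << 18) /* shareable */
#define RASR_XN             (1u << 28) /* execute never */

/* RASR.AP encodings: privileged access / unprivileged access. */
enum mpu_ap {
    AP_NONE    = 0x0, /* none / none */
    AP_PRIV_RW = 0x1, /* RW   / none */
    AP_FULL    = 0x3, /* RW   / RW   */
    AP_PRIV_RO = 0x5, /* RO   / none */
    AP_RO      = 0x6, /* RO   / RO   */
};

struct mpu_region {
    uint8_t     number; /* 0..15; where regions overlap, the higher number wins */
    uint32_t    base;
    uint32_t    size;   /* bytes: power of two, at least 32 */
    enum mpu_ap ap;
    bool        xn;
};

/* RASR value for a region, or 0 (never a valid enabled RASR) when the size is not a
 * power of two >= 32 or the base is not aligned to the size. The hardware would
 * silently drop the low address bits of a misaligned base and protect the wrong
 * range, so a bad region is refused rather than "fixed". */
uint32_t mpu_rasr(const struct mpu_region *r)
{
    if (r->size < 32 || (r->size & (r->size - 1)) != 0) return 0;
    if ((r->base & (r->size - 1)) != 0) return 0;
    unsigned log2 = 0;
    while (((uint32_t)1 << log2) < r->size) log2++; /* size == 2^log2 */
    uint32_t size_field = log2 - 1;                  /* region size = 2^(SIZE+1) */
    return RASR_ENABLE | (size_field << 1) | RASR_C | RASR_S
         | ((uint32_t)r->ap << 24) | (r->xn ? RASR_XN : 0);
}

/* RBAR value: base address with VALID set so the REGION field selects the slot. */
uint32_t mpu_rbar(const struct mpu_region *r)
{
    return (r->base & ~0x1Fu) | (1u << 4) | (r->number & 0xFu);
}

/* Program every region, then enable the MPU with PRIVDEFENA: privileged code keeps
 * the default memory map, unprivileged code only gets what the regions grant. The
 * whole table is validated before any register is written, so a bad table leaves
 * the MPU untouched. Returns the region count, or -1 on an invalid table. */
int mpu_program(struct mpu_regs *mpu, const struct mpu_region *regions, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (mpu_rasr(&regions[i]) == 0 || regions[i].number > 15) return -1;
    mpu->ctrl = 0; /* disable while reprogramming */
    for (size_t i = 0; i < n; i++) {
        mpu->rnr  = regions[i].number;
        mpu->rbar = mpu_rbar(&regions[i]);
        mpu->rasr = mpu_rasr(&regions[i]);
    }
    mpu->ctrl = MPU_CTRL_ENABLE | MPU_CTRL_PRIVDEFENA;
#if defined(__arm__)
    __asm volatile("dsb\n\tisb" ::: "memory"); /* new map takes effect before the next instruction */
#endif
    return (int)n;
}

/* Policy for the threat in the text. Addresses and sizes are the common STM32 map,
 * assumed for this example:
 *  0: whole 128 KB flash, read-only and executable for everyone
 *  1: first 16 KB (critical code), privileged read-only: overrides region 0
 *  2: 32 KB SRAM, read/write for everyone, execute-never */
static const struct mpu_region policy[] = {
    { 0, 0x08000000u, 128 * 1024, AP_RO,      false },
    { 1, 0x08000000u,  16 * 1024, AP_PRIV_RO, false },
    { 2, 0x20000000u,  32 * 1024, AP_FULL,    true  },
};

/* Shadow copy of the programmed values, so boot code can re-check the live
 * registers against it later; on a host it also lets the policy run without hardware. */
static struct mpu_regs mpu_shadow;

int main(void)
{
    if (mpu_program(&mpu_shadow, policy, 3) != 3) return 1;
    for (size_t i = 0; i < 3; i++)
        printf("region %u: RBAR=0x%08lx RASR=0x%08lx\n", (unsigned)policy[i].number,
               (unsigned long)mpu_rbar(&policy[i]), (unsigned long)mpu_rasr(&policy[i]));
#if defined(__arm__)
    return mpu_program(MPU_HW, policy, 3) == 3 ? 0 : 1; /* on target: program the real MPU */
#else
    return 0;
#endif
}
```

Two design points matter in practice: region 1 deliberately overlaps region 0 and relies on the higher number winning, which is how a small privileged-only window is carved out of a larger read-only mapping; and PRIVDEFENA is kept set so that the kernel or privileged boot code does not need a region for every peripheral, while unprivileged code still sees nothing outside the table.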
Protecting unused memory
Write protection must always be set by default on the flash memory, even on unused areas, to prevent code
modification or injection. A good practice is to fill unused memory with known values such as software interrupt
(SWI) op-codes, illegal op-codes, or NOPs, so that execution that strays into it ends in a fault or a handler instead
of running whatever blank flash happens to decode to.
Associated protections: MPU or WRP
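As an added example (not from AN5156 or any ST tooling), this C host tool pads a firmware image to the full flash size with a chosen filler halfword and checks the unused area afterwards, which is also the check to run on a read-back after programming. The Thumb-16 encodings it offers (UDF #0xFE = 0xDEFE, SVC #0 = 0xDF00, NOP = 0xBF00) are architectural; the 5-byte sample image and 32-byte sample flash are constructed, and the function names are the example's own. Setting WRP on the filled area is done through the option bytes and is not part of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Thumb-16 filler encodings, stored little-endian (low byte at the lower address).
 * Blank flash reads 0xFFFF, which decodes as an instruction too, so leaving it
 * blank hands control flow that leaves the image over to luck. */
#define FILL_UDF 0xDEFEu /* UDF #0xFE: permanently undefined, raises UsageFault/HardFault */
#define FILL_SVC 0xDF00u /* SVC #0: software interrupt, the SVC handler decides (log, reset) */
#define FILL_NOP 0xBF00u /* NOP: slides to the end of flash; only useful with a trap placed there */

/* Copy img (len bytes) into out and fill the remainder of flash_size bytes with the
 * filler halfword. An odd-length image gets one 0x00 alignment byte first so every
 * filler halfword sits at an even offset and decodes as intended. Returns the number
 * of filler halfwords written, or -1 if the image does not fit. */
long pad_image(const uint8_t *img, size_t len, size_t flash_size, uint16_t fill, uint8_t *out)
{
    if (len > flash_size) return -1;
    memcpy(out, img, len);
    size_t pos = len;
    if ((pos & 1) && pos < flash_size) out[pos++] = 0x00;
    long count = 0;
    for (; pos + 1 < flash_size; pos += 2, count++) {
        out[pos]     = (uint8_t)(fill & 0xFFu);
        out[pos + 1] = (uint8_t)(fill >> 8);
    }
    if (pos < flash_size) out[pos] = 0x00; /* odd flash size: one trailing byte */
    return count;
}

/* Read-back check: every halfword past the image must still be the filler. Returns
 * the offset of the first halfword that differs, or -1 when the unused area is intact. */
long verify_fill(const uint8_t *flash, size_t flash_size, size_t image_len, uint16_t fill)
{
    for (size_t pos = (image_len + 1) & ~(size_t)1; pos + 1 < flash_size; pos += 2) {
        uint16_t hw = (uint16_t)(flash[pos] | (flash[pos + 1] << 8));
        if (hw != fill) return (long)pos;
    }
    return -1;
}

/* Constructed sample: a 5-byte "firmware" and a 32-byte "flash". */
static const uint8_t sample_fw[5] = { 0x00, 0x20, 0x00, 0x20, 0xAA };
static uint8_t flash_image[32];

/* Host tool: pad_flash in.bin out.bin flash_size_bytes [udf|svc|nop] */
int main(int argc, char **argv)
{
    if (argc < 4) { fprintf(stderr, "usage: %s in.bin out.bin flash_size [udf|svc|nop]\n", argv[0]); return 2; }
    uint16_t fill = FILL_UDF;
    if (argc > 4 && strcmp(argv[4], "svc") == 0) fill = FILL_SVC;
    if (argc > 4 && strcmp(argv[4], "nop") == 0) fill = FILL_NOP;
    size_t flash_size = strtoul(argv[3], NULL, 0);
    FILE *in = fopen(argv[1], "rb");
    if (!in) { perror(argv[1]); return 1; }
    /* read one byte more than the flash holds so an oversized image is detected */
    uint8_t *img = malloc(flash_size + 1), *out = malloc(flash_size);
    if (!img || !out) return 1;
    size_t len = fread(img, 1, flash_size + 1, in);
    fclose(in);
    long n = pad_image(img, len, flash_size, fill, out);
    if (n < 0) { fprintf(stderr, "image (%zu bytes) larger than flash\n", len); return 1; }
    FILE *o = fopen(argv[2], "wb");
    if (!o || fwrite(out, 1, flash_size, o) != flash_size) { perror(argv[2]); return 1; }
    fclose(o);
    printf("%zu image bytes, %ld filler halfwords of 0x%04X, check=%ld\n",
           len, n, (unsigned)fill, verify_fill(out, flash_size, len, fill));
    free(img); free(out);
    return 0;
}
```

UDF is the safest default because a permanently undefined instruction faults on every Cortex-M regardless of what handlers the firmware installs; SVC is preferable only when the SVC handler already treats an unexpected call number as an attack and logs or resets, and a NOP fill is only meaningful with a trap instruction at the very end of flash.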
Error code correction (ECC)
Some flash memories feature ECC, which allows error detection and correction (up to 2-bit error detection and
1-bit error correction). Although it is mainly considered a safety feature, it also works as a complementary
protection against fault injection: a read corrupted by a glitch is flagged instead of being silently executed or used.
4.4.3 Embedded SRAM
The embedded SRAM is the device working memory. It is used for the stack, the heap, global buffers, and variables at
runtime. The SRAM can be accessed as bytes, half-words (16 bits), or full words (32 bits), at the maximum system
clock frequency without wait states.
AN5156 - Rev 8 | Memory protections | page 19/56