RM0453 Rev 5 119/1450
RM0453 Embedded flash memory (FLASH)
154
• Debug, boot RAM and bootloader and SFI/RSS modes
In debug mode or when the code is running from boot RAM or bootloader or SFI/RSS,
the main flash memory, backup registers (RTC_BKPxR in the RTC) and SRAM2 are
totally inaccessible. In these modes, a read or write access to the flash memory
generates a bus error and a hard fault interrupt.
Caution: In case the level 1 is configured and no PCROP areas are defined, it is mandatory to set
PCROP_RDP bit to 1 (full mass erase when the RDP level is decreased from level 1 to
level 0). In case the level 1 is configured and a PCROP area is defined, if the user code
needs to be protected by RDP but not by PCROP, it must not be placed in a page containing
a PCROP area.
Level 2: no debug
In this level, the protection level 1 is guaranteed. In addition, the CPU1 and CPU2 debug
port, the boot from RAM (boot RAM mode) and the boot from system memory (bootloader
mode) are no more available. Boot in SFI/RSS mode is still possible. When not needed, this
can be disabled by locking CPU2 boot in C2BOOT_LOCK. In user execution mode (boot
FLASH mode), all operations are allowed on the main flash memory. On the contrary, only
read and secure write operations can be performed on the option bytes. Option bytes, can
only be programmed and erased by a secure CPU2.
When the system is non-secure (ESE = 0), the level 2 cannot be removed at all. It is an
irreversible operation. When attempting to modify the options bytes, the protection error flag
WRPERR is set in FLASH_SR and FLASH_C2SR, and an interrupt can be generated.
Note: The debug feature is also disabled under reset.
STMicroelectronics is not able to perform analysis on defective parts on which the level 2
protection has been set and the system is non-secure (ESE = 0).
Change the readout protection level
It is easy to move from level 0 to level 1 by changing the value of the RDP byte to any value
(except 0xCC). By programming the 0xCC value in the RDP byte, it is possible to go to
level 2 directly from level 0 or from level 1. Once in level 2 and the system is non-secure
(ESE =0 ), it is no more possible to modify the readout protection level.
When the RDP is reprogrammed to the value 0xAA to move from level 1 to level 0, a mass
erase of the main flash memory is performed if PCROP_RDP is set in
FLASH_PCROP1AER. Backup registers (RTC_BKPxR in the RTC), SRAM1, SRAM2 and
PKA SRAM are also erased. The user options except PCROP protection are set to their
previous values copied from FLASH_OPTR, FLASH_WRP1xR (x= A or B). PCROP is
disabled. The OTP area is not affected by mass erase and remains unchanged.
If the bit PCROP_RDP is cleared in FLASH_PCROP1AER, the full mass erase is replaced
by a partial mass erase that is successive page erases, except for the pages protected by
PCROP. This is done in order to keep the PCROP code. Only when the flash memory is
erased, options are re-programmed with their previous values. This is also true for
FLASH_PCROP1xSR and FLASH_PCROP1xER registers (x= A or B).
If the CPU2 is secure (ESE = 1) the full mass erase is replaced by a partial mass erase that
is successive page erases, except for the pages protected by CPU2 security (SFSA). This is
done in order to keep the CPU2 secure code.
To Next Page
Loading...
Need help?
General
