1. RDP level management
The STM32U0 silicon device life cycle is based on the RDP mechanism implemented for the FLASH interface.
RDP protection level | Debug | Comments |
Level 0: Device open | Allowed | Boot address can be either user flash, bootloader in system memory or embedded SRAM
depending on boot mode configuration. Any security configuration including OEM1 and OEM2 keys can be provisioned in flash user options. |
Level 1: Device memories protected | Limited | Boot address can be either user flash, bootloader in system memory or embedded SRAM
depending on boot mode configuration. Debug access to user FLASH memory, embedded SRAM and backup registers is not allowed. Any security configuration including OEM1 and OEM2 keys can be provisioned in flash user options. |
Level 2: Device closed | None | Boot address must target the user flash memory. Flash user options are read-only, hence RDP level 2 cannot be changed, unless OEM2
unlocking key is activated. |
The level transition are illustrated on the figure below:
- 0 to 1: write any other values than 0xCC or 0x AA in the RDP register
- 0 or 1 to 2: write 0xCC in the RDP register
- 2 to 1: inject the OEM2KEY value through the debug interface under reset. This operation is relevant only if the OEM2 password lock activation has been previously done.
- 1 to 0:
- if OEM1 password lock activation done: inject the OEM2KEY value through the debug interface under reset
- if OEM1 password lock activation not done: write 0xAA in the RDP register
2. RDP Password Regression
Regression allows reopening the product, by returning to RDP level 0.
A full flash user memory mass erase is applied prior to the reopening.
The devices support both permanent RDP Level 2 or password-based RDP Level 2 regression to Level 1.
This Level 2 regression does not erase the application code, and it does not change the RDP Level 1 protections in place.
OEM2LOCK | OEM1LOCK | |
0 |
1 | |
0 | RDP 1 to 0 always granted RDP 2 to 1 never granted |
RDP 1 to 0 needs OEM1KEY unlock sequence RDP 2 to 1 never granted |
1 | RDP 1 to 0 always granted RDP 2 to 1 needs OEM2KEY unlock sequence |
RDP 1 to 0 needs OEM1KEY unlock sequence RDP 2 to 1 needs OEM2KEY unlock sequence |