How to start with RDP for STM32U0 MCUs

Literature
UM2237 STM32CubeProgrammer software description.

RM0503 STM32U0 series reference manual.


Introduction
Start by reading the RDP for STM32U0 article.

Through this practical example you will learn:

  • How to set the OEM1/2 password used to lock the RDP levels
  • How to change RDP levels using these passwords


Prerequisites

  • Hardware
    • USB Type-C® cable
    • STM32U083 Nucleo board
  • Required tools
    • STM32CubeProgrammer_rev2.16.0 or later

1. RDP usage with password using STM32CubeProgrammer command lines

1.1. Transition between RDP level 0 and RDP level 1

Two 128-bit keys (OEM1KEY and OEM2KEY) can be defined and used to lock RDP (readout protection) regression. When the OEM1 RDP lock mechanism is active, it blocks the RDP level 1 to RDP level 0 regression. The user must use the password to perform the RDP level 1 to RDP level 0 regression.

Warning
OEM1 and OEM2 password values are chosen by the user.

In this wiki page the value used is always FFFFFFFF FFFFFFFF 00000000. However, users shall select a different value for their product. It is their responsibility to do so to secure RDP regressions on their product.

Here is a sequence to:

  • Activate OEM1 lock mechanism:
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000

  • Set RDP level 1:
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -ob RDP=0xBB

  • Unlock password OEM1:
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug ap=1 -unlockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000

  • Perform regression to RDP level 0:
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -ob RDP=0xAA

  • Deactivate password OEM1:
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF

1.2. Transition between RDP level 0 and RDP level 2

When the OEM2 RDP lock mechanism is active, it allows regression from RDP level 2 to RDP level 1. If OEM2 is not activated, the user cannot perform regression from RDP level 2 to RDP level 0.

Warning
OEM1 and OEM2 password values are chosen by the user.

In this wiki page, the value used is always FFFFFFFF FFFFFFFF 00000000. However, users shall select a different value for their product. It is their responsibility to do so to secure RDP regressions on their product.

Here is a sequence to:

  1. Activate OEM1 and OEM2 lock mechanisms and define passwords
  2. Set RDP level 2
  3. Unlock password OEM2 with access port set to 1
  4. Perform regression from RDP level 2 to RDP level 1
  5. Unlock password OEM1 with access port set to 1
  6. Perform regression from RDP level 1 to RDP level 0
  7. Deactivate password mechanism for OEM1 and OEM2
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP2 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000

STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -ob RDP=0xCC

STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug ap=1 -unlockRDP2 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -ob RDP=0xBB
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug ap=1 -unlockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0x00000000
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -ob RDP=0xAA

STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF
STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP2 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF
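
The following is an added example, not ST's code and not part of the original page. It follows the warnings in sections 1.1 and 1.2: it draws a random 128-bit OEM key, refuses the value published in this page's commands and the all-0xFFFFFFFF value the page uses to deactivate a lock, and builds the section 1.2 command lines without running them. The Python helper names are hypothetical; the CLI options are only those shown on this page.

```python
import secrets

CLI = "STM32_Programmer_CLI.exe"              # tool name as written on this page
CONNECT = ["-c", "port=SWD", "mode=Hotplug"]  # connection options used on this page
DISABLE_KEY = (0xFFFFFFFF,) * 4               # value the page passes to deactivate a lock
WIKI_DEMO_KEY = (0xFFFFFFFF,) * 3 + (0x00000000,)  # value published in the page's commands

def check_key(words):
    """Return the key as a tuple, or raise if it must not be used as a product password."""
    words = tuple(words)
    if len(words) != 4 or any(not 0 <= w <= 0xFFFFFFFF for w in words):
        raise ValueError("key must be four 32-bit words (128 bits)")
    if words == DISABLE_KEY:
        raise ValueError("all-ones value deactivates the lock instead of arming it")
    if words == WIKI_DEMO_KEY:
        raise ValueError("publicly documented demo value")
    return words

def new_key():
    """Draw a 128-bit key from the OS CSPRNG, redrawing on a rejected value."""
    while True:
        words = tuple(secrets.randbits(32) for _ in range(4))
        if words not in (DISABLE_KEY, WIKI_DEMO_KEY):
            return words

def hex_words(words):
    """Format four 32-bit words the way the page's commands write them."""
    return [f"0x{w:08X}" for w in words]

def lock_cmd(oem, key):
    """argv that activates the OEM1 (oem=1) or OEM2 (oem=2) lock with `key`."""
    return [CLI, *CONNECT, f"-lockRDP{oem}", *hex_words(check_key(key))]

def unlock_cmd(oem, key):
    """argv that unlocks OEM1/OEM2; the page connects with ap=1 for this step."""
    return [CLI, *CONNECT, "ap=1", f"-unlockRDP{oem}", *hex_words(key)]

def set_rdp(value):
    """argv that writes the RDP option byte: 0xAA, 0xBB or 0xCC on this page."""
    return [CLI, *CONNECT, "-ob", f"RDP={value}"]

def rdp2_round_trip(key1, key2):
    """Steps 1-6 of section 1.2 as argv lists; nothing is executed."""
    return [lock_cmd(1, key1), lock_cmd(2, key2), set_rdp("0xCC"),
            unlock_cmd(2, key2), set_rdp("0xBB"),
            unlock_cmd(1, key1), set_rdp("0xAA")]
```

Record the generated keys before running the lock commands, since the same values are needed for every later unlock.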

2. RDP usage with password using STM32CubeProgrammer GUI

With the STM32CubeProgrammer graphic interface, the user can proceed in the same way as with the command line.

Care must be taken to ensure that the correct "Access port" number is set during device connection.

2.1. Transition between RDP level 0 and RDP level 1

2.1.1. Choose and activate the OEM1 password
  • Connect the device:
    • Set "Access port" to 0
    • Click "Connect"

  • Check that the device RDP level is set to 0 (0xAA):

  • Go to the "Secure programming" tab
  • Enter a 128-bit password and select "Set password"
Warning
OEM1 and OEM2 password values are chosen by the user.

In this wiki page, the value used is always FFFFFFFF FFFFFFFF 00000000. However, users shall select a different value for their product. It is their responsibility to do so to secure RDP regressions on their product.

  • Validate the message boxes


The OEM1 password is now defined and activated.

This means that if the RDP level is set to 1, the only way to regress from this level is to unlock the OEM1 password.

2.1.2. Set RDP level 1
  • Do not disconnect the board from STM32CubeProgrammer and go to the "Option bytes" tab.

Note that if you have disconnected the board from STM32CubeProgrammer, it must be reconnected with "Access port" = 0.

  • Select RDP level "0xBB" and apply this modification.

The device is now programmed to RDP level 1.

2.1.3. Unlock the password OEM1

Disconnect the device from STM32CubeProgrammer and reconnect it with "Access port" set to 1:

In the "Secure programming" tab, click "Unlock RDP1" and accept the message boxes.

Now that the OEM1 password is unlocked, the regression can be done.

2.1.4. Regression to RDP level 0

Disconnect the device from STM32CubeProgrammer and reconnect it with "Access port" set to 0.

In the "Option bytes" tab, set RDP to 0xAA and apply the changes.

2.1.5. Disable the OEM1 password mechanism

This step is equivalent to the command line:

STM32_Programmer_CLI.exe -c port=SWD mode=Hotplug -lockRDP1 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF

To deactivate the OEM1 password, click "Disable password" in the "Secure programming" tab and accept the message boxes.

2.2. Transition between RDP level 0 and RDP level 2

You can proceed the same way as for transitions between RDP level 0 and 1. Care must be taken to set "Access port" to 1 during connection when passwords OEM2 and OEM1 must be unlocked!

Please refer to UM2237 STM32CubeProgrammer software description on page 61.