1. What is readout protection
Readout protection (RDP) is a life cycle mechanism used to control access to the device's debug and test features and to its provisioned secrets.
| RDP protection level | Debug | Comments |
|---|---|---|
| Level 0: device open | Secure and nonsecure | Boot address must target a secure area when Arm® TrustZone® is enabled (secure SRAM, secure flash memory, or Root Security Services in system flash memory). Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options [1]. |
| Level 0.5 [2]: device partially closed | Nonsecure only | Boot address must target a secure area when TrustZone is enabled (secure user or system flash memory). Boot on SRAM is not permitted. Access to nonsecure flash memory is allowed when debug is connected. Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options [1]. |
| Level 1: device memories protected | Nonsecure only (conditioned) | Boot address must target the secure user flash memory. Accesses to nonsecure flash memory, encrypted flash memory, SRAM2, and backup registers are not allowed when debug is connected. Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options [1]. |
| Level 2: device closed | None | The boot address must target the user flash memory. The flash memory user option bytes are read-only, so RDP level 2 cannot be changed unless the OEM2 unlocking key is activated. |
2. RDP level management
The figure below illustrates the level transitions:
As shown in the previous figure, each regression can be conditioned on a dedicated password key (the OEM unlocking keys), if the OEM has provisioned one.
During the regression from RDP level 1 to RDP level 0.5, only nonsecure embedded flash memory is erased. This keeps functional elements such as the secure boot and the secure firmware update.
During the regression from RDP level 1 to RDP level 0, the full embedded flash memory is erased.
In all regressions from level 1, the OTP area in the flash memory is kept. Hence, secrets must not be stored in the OTP, since they would be readable after a regression to RDP level 0.
The regression from RDP level 2 to 1 does not erase the application code, nor does it change the RDP level 1 protections in place.
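The following is an added example (not code from this page or from the vendor) that models the level table of section 1 and the regression rules of section 2 as a small C state model a firmware team can use in a boot-time self-check: decode the RDP option byte into a level, decide whether provisioned secrets may be released, and report what a given regression erases. The 0xAA / 0x55 / 0xCC byte encoding, the `ob_rdp` parameter and the "require at least level 1 in production" policy are assumptions, not statements of this page.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Ordered so that a higher enum value means a more closed device. */
typedef enum { RDP_LEVEL_0 = 0, RDP_LEVEL_0_5, RDP_LEVEL_1, RDP_LEVEL_2 } rdp_level_t;

/* Assumed option-byte encoding (STM32-style, not stated on this page):
 * 0xAA = level 0, 0x55 = level 0.5, 0xCC = level 2, anything else = level 1. */
rdp_level_t rdp_decode(uint8_t ob_rdp) {
    switch (ob_rdp) {
    case 0xAA: return RDP_LEVEL_0;
    case 0x55: return RDP_LEVEL_0_5;
    case 0xCC: return RDP_LEVEL_2;
    default:   return RDP_LEVEL_1;
    }
}

/* Assumed production policy: secrets are only released once memories are
 * protected (level 1 or 2). At level 0 and 0.5 a debugger can still read
 * nonsecure flash, so the secure world should refuse to hand out keys. */
bool secrets_may_be_released(rdp_level_t level) {
    return level >= RDP_LEVEL_1;
}

/* Candidate storage locations for a provisioned secret. */
typedef enum { LOC_SECURE_FLASH, LOC_OTP } secret_location_t;

/* OTP survives every regression from level 1 (page, section 2), so it is
 * never an acceptable place for a secret. */
bool secret_location_ok(secret_location_t loc) {
    return loc != LOC_OTP;
}

/* What a regression does, as described in section 2. Transitions the page
 * does not describe are reported with described == false. */
typedef struct {
    bool described;
    bool nonsecure_flash_erased;
    bool secure_flash_erased;
    bool otp_kept;
} rdp_regression_t;

rdp_regression_t rdp_regression(rdp_level_t from, rdp_level_t to) {
    rdp_regression_t r = {0};
    if (from == RDP_LEVEL_1 && (to == RDP_LEVEL_0_5 || to == RDP_LEVEL_0)) {
        r.described = true;
        r.nonsecure_flash_erased = true;            /* both 1->0.5 and 1->0 */
        r.secure_flash_erased = (to == RDP_LEVEL_0); /* 1->0 erases everything */
        r.otp_kept = true;                           /* OTP always survives */
    } else if (from == RDP_LEVEL_2 && to == RDP_LEVEL_1) {
        r.described = true;       /* 2->1 erases nothing; level-1 protections stay */
        r.otp_kept = true;
    }
    return r;
}

int main(void) {
    uint8_t ob_rdp = 0x55;                 /* constructed sample option byte */
    rdp_level_t lvl = rdp_decode(ob_rdp);
    printf("RDP byte 0x%02X -> level enum %d, secrets released: %s\n",
           ob_rdp, (int)lvl, secrets_may_be_released(lvl) ? "yes" : "no");
    rdp_regression_t r = rdp_regression(RDP_LEVEL_1, RDP_LEVEL_0_5);
    printf("1 -> 0.5: nonsecure erased=%d secure erased=%d otp kept=%d\n",
           r.nonsecure_flash_erased, r.secure_flash_erased, r.otp_kept);
    return 0;
}
```

The secure-boot or secure-services image would call `rdp_decode` on the live option byte early at start-up and gate key unwrapping on `secrets_may_be_released`; `rdp_regression` is the planning side, useful when deciding what must be re-provisioned after a field return is reopened.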
3. Further information
Refer to the reference manual of the series for all the details concerning RDP management.