cancel
Showing results for 
Search instead for 
Did you mean: 

How to Secure FW and keep IAP function

Tai.Cheng Chung
Associate II
Posted on September 01, 2015 at 05:48

Dear Sir:

  My project use STM32F427. The project contains bootloader and main application. The bootloader can be used to update the main application.

   Now I want to secure the application. I use Jlink secure chip function and see  RDP bits updated. But now I can't burn application via bootloader. If I  un-secure chip and this time all chip erased, including bootloader.

  Doese this means we can't have secure function in IAP function together? 

  
4 REPLIES 4
tm3341
Associate II
Posted on September 01, 2015 at 08:46

You can have both, but before you start with sector delete for your code and other stuff, make sure you disable read protection with software first.

IAP example software AN3965 shows how to disable write protection before sector erase if it is enabled. Below functions shows my implementation. I use the same technic with bootloader and main program as you do. /* Value

FLASHLOADER.ApplicationStartSector is the sector number */

uint8_t TM_FLASHLOADER_DisableWP(void) {
uint8_t UserWrpSectors;
/* Mark all sectors inside the user flash area as non protected */
UserWrpSectors = 0xFFF - ((1 << (FLASHLOADER.ApplicationStartSector / 8)) - 1);
/* Unlock the Option Bytes */
FLASH_OB_Unlock();
/* Disable the write protection for all sectors inside the user flash area */
FLASH_OB_WRPConfig(UserWrpSectors, DISABLE);
/* Returns status, 0 = OK, 1 = Error */
if
(FLASH_OB_Launch() != FLASH_COMPLETE) {
/* return error */
return
1;
}
/* Lock option bytes */
FLASH_OB_Lock();
/* Return OK */
return
0;
}
uint8_t TM_FLASHLOADER_EnableWP(void) {
uint8_t UserWrpSectors;
/* Mark all sectors inside the user flash area as non protected */
UserWrpSectors = 0xFFF - ((1 << (FLASHLOADER.ApplicationStartSector / 8)) - 1);
/* Unlock the Option Bytes */
FLASH_OB_Unlock();
/* Disable the write protection for all sectors inside the user flash area */
FLASH_OB_WRPConfig(UserWrpSectors, ENABLE);
/* Returns status, 0 = OK, 1 = Error */
if
(FLASH_OB_Launch() != FLASH_COMPLETE) {
/* Return error */
return
1;
}
/* Lock option bytes */
FLASH_OB_Lock();
/* Return OK */
return
0;
}

Posted on September 01, 2015 at 13:37

Hi Calvin63,

Refer to

http://www.st.com/st-web-ui/static/active/en/resource/technical/document/application_note/DM00186528.pdf

, it provides a description of Flash memory protection techniques, focusing on PCROP and providing examples.

-Shahrzad-

Tai.Cheng Chung
Associate II
Posted on September 03, 2015 at 10:32

Hi Majerle:

  Thanks for the code, it works. However the function  FLASH_OB_WRPConfig(...) seems work for 1M Flash device only. How should I do if device is 2M flash?

tm3341
Associate II
Posted on September 03, 2015 at 11:45

Use FLASH_OB_WRP1Config for second 1MB section.