Disable the debug port but still be able to perform a mass-erase?

blackrod
Associate

Hello!

I have a quite specific question about STM32L4-MCUs. For a project, I would like to use code Readout Protection (RDP), but I have to be able to mass-erase the chip and manually upload a new image.

So only RDP level 1 is an option. But with RDP, the debug port seems to have access to SRAM1 and to most of the registers. This is undesirable, because an attacker could read out all sorts of information.

So my question is: is it possible to disable SWD and JTAG debugging (manually from user code) when activating RDP level 1, so that the debug interface cannot be used anymore to read out registers and SRAM1, as this functionality is not needed, but still being able to perform a forced mass-erase on the whole chip and reset it to factory, kind of?

Thanks and best regards,

the blackrod

1 ACCEPTED SOLUTION

Pavel A.
Evangelist III

> So my question is: is it possible to disable SWD and JTAG debugging (manually from user code) when activating RDP level 1,

Not possible. An adversary can connect a debugger under reset, before your code has a chance to do anything.

But you can use tamper detection and keep the secrets in RTC registers that are erased by the tamper mechanism.

-- ps
