cancel
Showing results for 
Search instead for 
Did you mean: 

About read-out protection, write protection

Quang Ha
Associate

Hi all,

I'm working in a project (with STM32L462) in which we're building our own bootloader to perform secure boot and firmware upgrade. There are some issues we're still struggling with, regarding protection of our code (and data). Hopefully someone can give me some explanation, hint or application note to help me out.

So, these are what we need:

  • We have our own bootloader, and we want to setup Read-out protection (to avoid the source code to be read out by JTAG or debugger) and also Write protection to avoid the source code from being overwritten (accidentally) during operation. So, the first question is if we can setup both read/write protection on the same flash area? I have read about PCROP but can't really figure out if using PCROP is a better option or enabling both RDP and WRP is better?
  • We have a flash area to store the executable firmware which I will have to overwrite during firmware update. So, next question is, can I disable WRP to overwrite the data and then enable it again? How should I do it?
  • We have data that require to be written only once during device's lifetime. Let's say if the byte is written, it should never be modified by any way (but still read able by firmware, not by jtag/debugger). I think write protection of the byte should do the job? On the other hand, I also have data that should be able to be overwritten only by the firmware. I read that STM32L4 only support 2 areas for WRP. So, if I set up one area for the bootloader, I should gather all data I want to do WRP in the other area, right?
  • In our project, we use Segger for debugging and downloading the program. The interface doesn't support ST-Link Utility. I've seen a some answers and suggestions that we should do RDP, WRP setup via ST-Link Utility but it's not an option for us. Is there any guideline, application note for doing that in the source code? or with SEGGER? I'm using STM32CubeIDE, not Keil.

Thanks for taking your time reading it. Any suggestions or hints are appreciate.

2 REPLIES 2
Dolence
Associate III

I have very similar questions and can't pick up any part because all seemed to have serious security flaws. How are you going with your project?

suraj.pai
Associate

Any updates on this? I have the same questions except for Segger.