STM32G0B0: Prevent bootloader execution after RDP regression from level 1 to 0 and OBL causing mass erase and system reset

DaMCU · ‎2022-02-23

Hello,

I would like to know how to prevent the execution of the on chip bootloader after a RDP regression from level 1 to level 0. After the necessary option byte load (OBL) a mass erase is done and the chip is reset and after the reset the bootloader is executed.

Since I am programming all option bytes, I have played with different values for option bits nBOOT0, nBOOT1 and nBOOT_SEL but no combination will do the trick...

Thank you!

DaMCU · ‎2022-03-04

I discovered a little trick to circumvent the problem: I just program the bits nBOOT0, nBOOT1 and nBoot_SEL bits to select boot from SRAM before doing the RDP regression. This bypasses the empty check and prevents bootloader execution successfully. After flash programming is complete, I just reprogram those bits to select boot from flash and that's it 😉

View solution in original post

waclawek.jan · ‎2022-02-23

> after a RDP regression from level 1 to level 0

How do you do that?

> After the necessary option byte load (OBL) a mass erase is done and the chip is reset

'G0B0 implements the FLASH empty check/AN2606 pattern 11 bootloader entry. So either program the FLASH immediately after the bulkerase, without reset; or set the option bits influencing bootloader entry so that they prevent bootoader entry upon empty flash.

JW

waclawek.jan · ‎2022-02-23

OK I see BOOT_LOCK is not described in RM0454.

You may want to try following RM0444.

JW

DaMCU · ‎2022-02-23

Well STM32G0B0 doesn't have the FLASH_SECR register, so no BOOT_LOCK available. That was the first thing I checked... 😉

DaMCU · ‎2022-02-23

> How do you do that?

I'm using SEGGER J-Flash utility together with Flasher ATE programmer. With this you can define init and exit steps for programming the target. Im doing the regression in the init steps:

Unlock FLASH_CR::LOCK
Unlock FLASH_CR::OPTLOCK
Write 0xDFFFE1AA into FLASH_OPTR
Write 0x0000007F into FLASH_WRP1AR, FLASH_WRP1BR, FLASH_WRP2AR, FLASH_WRP2BR
Clear error flags in FLASH_SR by writing 0x000083FB
Waiting until flash is ready by checking FLASH_SR::BSY1, FLASH_SR::BSY2, FLASH_SR::CFGBSY flags
Start option bytes programming by setting FLASH_CR::OPTSTRT bit
Waiting until flash is ready by checking FLASH_SR::BSY1, FLASH_SR::BSY2, FLASH_SR::CFGBSY flags
Do option bytes loading by setting FLASH_CR::OBL_LAUNCH
Reset and hold

The bootloader is active between the last two steps.

With these steps I can change the option bits FLASH_OPTR::nBOOT0, FLASH_OPTR::nBOOT1 and FLASH_OPTR::nBOOT_SEL, but none of the 8 possible combinations prevent the bootloader from executing!

waclawek.jan · ‎2022-02-23

Then there's probably no other way than to program the first word of FLASH to non-FFFFFFFF.

JW

DaMCU · ‎2022-02-23

Well, the flash will be programmed after finishing the init steps anyway, but between two of those init steps (see my other post: between OBL and reset and hold) the bootloader is active. That is what I'm trying to prevent. The bootloader is not running after the reset and hold step...

waclawek.jan · ‎2022-02-23

IMO you should be able to perform all these operations while being under reset all the time, but I am no expert on the boot sequence. You should perhaps talk to Segger.

JW

DaMCU · ‎2022-03-04

I discovered a little trick to circumvent the problem: I just program the bits nBOOT0, nBOOT1 and nBoot_SEL bits to select boot from SRAM before doing the RDP regression. This bypasses the empty check and prevents bootloader execution successfully. After flash programming is complete, I just reprogram those bits to select boot from flash and that's it 😉

waclawek.jan · ‎2022-03-04

Interesting trick, thanks for sharing.

JW