2024-06-24 02:41 AM
Hi Team,
MCU: STM32G0B1
Requirement: Flash memory protection is needed for the MCU code.
I am using stm32g0b1 MCU for my project, where I have completed my development activities.
MCU Flash contains two things. 1) MCU code 2) other important data related to end application.
Now, I want to add memory protection, so that no one can read/access my code. During research, I came across RDP and PCROP features of STM32g0.
1) I checked the RDP feature. It is working fine as per the implementation but there is one issue I am facing with it.
in my end application, we have a feature to upgrade the MCU code using a system bootloader(i am using I2C protocol to upgrade firmware. Find the document here). So when I am setting the RDP level 1 this feature is not working.
So is there any way to do this thing?
2) in my MCU, except for my code, there is no other code that needs to be flashed in the end product. 1) So, can I apply PCROP for full flash memory in my MCU? is that possible in this MCU?
2) If yes, then what are the changes I have to make in the cubeide (I am aware of how we can select the PCROP region using cube-programmer).
3) for PCROP, do we need to change anything in .id file?
4) The issue, I am facing in RDP, same will appear in PCROP or not?
If anyone has any information, please let me know. It will be a great help for me.
Thanks a lot !!
2024-07-04 07:35 AM
Hello @Dthum.1 ,
i would like to clarify some point about RDP and PCROP because the case you are describing in 1) shouldn't be unavailable after RDP level 1.
In fact, Readout protection is a global Flash memory protection allowing the embedded firmware code to be protected against copy, reverse engineering, dumping, using debug tools or code injection in SRAM.
in RDP level 1 :
If boot mode = user Flash and no debugger access is detected, then
• R/W/Erase possible on Flash memory, SRAM* and Backup registers*.
• Option bytes change possible
If boot mode ≠ user Flash or debugger access is detected, then
• R/W/Erase to Flash memory, SRAM* (family dependent), and Backup registers are blocked (hard fault generated).
• Option bytes change possible.
On a consumer product, the RDP must always be set at least at level 1. This prevents basic attacks through
the debug port or through the bootloader. However, in RDP level 1, there is a risk of service denial caused by a
flash memory mass erase, following a return to RDP level 0.
PCROP in the other hand
• This feature set a memory area in flash defined by user in execute only mode
• The CPU can only jump to a PCROP area but cannot read or write it.
• This region can’t be read via debugging link.
check this Introduction to security for STM32 MCUs - Application note for more details.
you can also thru the labs on YouTube to further help you understand the usage of these features:
Security Part3 - STM32 Security features - 07 - PCROP lab (youtube.com)
Security Part3 - STM32 Security features - 09 - Readout protection lab (youtube.com)
Regards
2024-07-07 11:08 PM
Hi @STea
Thank you for your quick response and suggestions. I will check with my end application.
Regards.