How to properly unlock a STM32F4xx device...

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 19:30

Hello ST gurus!

May I inquire on the right sequence of steps to unlock a device (level 1 lock) to unlocked (level 0)?

The STM library reveals the following sequence is required to lock:

FLASH_OB_Unlock(); // Take the STM32F4xx from unlocked (level 0) to reversible lock (level 1)

FLASH_OB_RDPConfig(OB_RDP_Level_1);

FLASH_OB_Launch();

I assume the following code would unlock but it doesn't work!

FLASH_OB_Unlock(); // Take the STM32F4xx from reversible lock (level 1) to unlocked (level 0) -> Does not work!

FLASH_OB_RDPConfig(OB_RDP_Level_0);

FLASH_OB_Launch();

When I run the unlock code below, the chip crashes (understandable as its Flash & memory is wiped) and the chip becomes invisible via JTAG.

The only way to revert the STM32 back to level 0 is by booting the device in DFU mode by shorting boot pins and lanuching the DFUSE utility to unprotect the device.

Can unlocking be done in code? If DFUSE can do it I assume there is a magic sequence that can unlock a device by code running in Flash?

Thank you!!

Jean-Pierre

#locking-unlocking-protection

Tesla DeLorean · ‎2014-12-02

Posted on December 02, 2014 at 19:41

DFUSE isn't running in FLASH

My notes suggest the following,

FLASH_OB_Unlock();
FLASH_ClearFlag(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR |
FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR| FLASH_FLAG_PGSERR);
FLASH_OB_RDPConfig(OB_RDP_Level_0);
status = FLASH_OB_Launch();
if (status != FLASH_COMPLETE)
printf(''Failed to Launch

'');

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 19:56

Thank you very much clive1 for the prompt and useful answer. I will test it right away and report if that made the difference. Thanks again! :)

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 21:20

I have tried your suggestion and unfortunately I cannot with your code take a device from level 1 to level 0.

The only way to do so currently appears to go through DFUSE. Perhaps the study of its source code would reveal the magic sequence of steps needed to correctly unlock a device?

What code does DFUSE execute on a device to unlock it?

Thanks for your help!

Jean-Pierre

Tesla DeLorean · ‎2014-12-02

Posted on December 02, 2014 at 22:22

It's doing the equivalent to this, from memory that doesn't stop working half way through

FLASH_OB_Unlock();
FLASH_ClearFlag(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR |
FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR| FLASH_FLAG_PGSERR);
FLASH_OB_RDPConfig(OB_RDP_Level_0);
FLASH_OB_Launch();
FLASH_OB_Lock();
ClearSRAM();
NVIC_SystemReset();

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 22:27

Thank you again for your valuable support. I will try this right away and report what happens.

Q: Can the code segment you provided run in RAM or Flash? (Our code runs in Flash...)

Tesla DeLorean · ‎2014-12-02

Posted on December 02, 2014 at 22:45

Q: Can the code segment you provided run in RAM or Flash? (Our code runs in Flash...)

Well the code, and everything it calls, need to be in RAM. I'd hand code it rather than use the library.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 22:58

So that's why the same code segment is failing! It needs to run in RAM!

I have just found (after bricking several boards) that the above code will brick a device in a way that DFUSE cannot recover if locked to level 1.

(When locking for 0 -> 1 with DFUSE we can safely get it back to 0 but the above code segment you sent (when run from Flash), causes the device to become bricked. (DFUSE won't be able to recover it if your above segment runs to lock to level 1... DFU can't be invoked by shorting boot0 pin!)

Really tricky stuff! Is there a sample app that shows how to correctly lock & unlock (A Flash codebase properly calling the right sequence from RAM)

Thanks again for your help!

Danish1 · ‎2014-12-02

Posted on December 02, 2014 at 23:06

I can't say what other people do, but I only ever go from Level 1 to Level 0 while executing from RAM.

My bootloader puts the read protection to level 1. (I find I have to remove and reapply power for this to take effect). Only once it knows that read protection is applied will it load the application code (in my case from SD card).

The only reason to go back to level 0 is to allow me to change the bootloader or do some debugging (in which case I don't have the bootloader). And for this I use JTAG to download a small piece of code into RAM that changes the protection level.

One thing worth noting is that it does take a long time (several seconds) to go from Level 1 to Level 0 because that's how long it takes to erase the FLASH. Going from Level 1 to Level 0 will always erase the FLASH according to section 3.7.3 of the reference manual ''Read protection (RDP)''

What are the circumstances where you'd want to go from Level 1 to Level 0 ''under normal program control''?

jeanpierre · ‎2014-12-02

Posted on December 02, 2014 at 23:25

Hi Danish Ali,

Thank you very much to share your experiences with level0 <-> level1.

Q1: If I hear you correctly, the segment of code clive1 provided can take you from level0 <-> level1 *if* it runs from RAM and will fail if ran from Flash?

Q2: Is there any difference between your working code and clive's version?

(I have just bricked 4 boards running the above from Flash and have to be careful not to brick anymore!)