OTP readable by debugger while RDP set to 1

OTP portion of FLASH is a valuable asset in some STM32 families and represents a convenient place to store things like security keys. For this, it is desirable - and, as it's part of FLASH, also quite logically expected - that setting read-out protection to any level above 1 prevents the debugger from reading it.

In RM0444 Rev.5 and RM0454 Rev.5 (the current 'G0 manuals), the following text indicates that this should be the case:

waclawekjan_0-1716631014181.png

The following table appears to indicate the same behaviour:

waclawekjan_1-1716631210918.png

However, user @DAlbe.3 reported that he was able to read out OTP using the debugger while RDP was set to Level 1.

This, together with the fact that the above table has changed across RM revisions, raises questions about the OTP's security.

Can ST please comment?

 

Thanks,

JW
