Replace Factory Bootloader with Custom Secure Bootloader on STM32U3 ?

ashraf21 · ‎2025-06-10

Hi ST Community,

I’m working on a secure boot implementation for the STM32U3 series and need to replace the factory ROM bootloader with my custom secure bootloader. Here’s what I’d like to clarify:

Can We Fully Remove the Factory Bootloader?

The STM32U3’s ROM bootloader (System Memory) is in masked ROM, so is it even possible to erase or disable it completely?
If not, what’s the most secure way to bypass it and ensure the MCU always boots from my custom bootloader in Flash?

Andrew Neil · ‎2025-06-10

No, you can't replace it.

A complex system that works is invariably found to have evolved from a simple system that worked.
A complex system designed from scratch never works and cannot be patched up to make it work.

TDK · ‎2025-06-10

> The STM32U3’s ROM bootloader (System Memory) is in masked ROM, so is it even possible to erase or disable it completely?

Read-only Memory (ROM) is read only and cannot be changed.

> If not, what’s the most secure way to bypass it and ensure the MCU always boots from my custom bootloader in Flash?

Change the option bytes such that the chip always boots to user flash, regardless of pin settings. Look at AN2606 and change NBOOT0 = NSWBOOT0 = 0 to avoid bootloader patterns.

If you feel a post has answered your question, please click "Accept as Solution".