2009-04-20 08:32 PM
STM32 Flash Security (edited)
2011-05-17 04:10 AM
Hello All,
I'm working on a proprietary bootloader app on an STM32F101CB and have an issue: Using PM0042, AN2557, and FWLib2.0, I have been able to achieve a functional bootloader. I am however having issues with flash security in that when modifying the WP bits with RDP enabled, somehow RDP is being cleared and the device erases itself. I am using the following procedure: -call FLASH_Unlock() in stm32f10x_flash.c -call FLASH_EraseOptionBytes() in stm32f10x_flash.c -call FLASH_EnableWriteProtection() in stm32f10x_flash.c -generate a POR reset using the WWDG as in AN2557. According to PM0042, erasing the option bytes should not affect the RDP register and therefore not trigger a mass erase. When single-stepping in the debugger, I can not see that the RDP byte is affected in any way during the WP write process. I haven't yet narrowed it down any further, but the problem does seem to occur in either FLASH_EraseOptionBytes() or FLASH_EnableWriteProtection(). I've also experimented with re-enabling the RDP each time but it seems to make no difference. Has anyone else seen this or notice that I've missed something? This raises a question: According to the Read Protection section of PM0042, once the RDP has been programmed to a value (set?): [quote] Pages 0-3 (for low- and medium-density devices), or pages 0-1 (for high-density devices) are automatically write-protected. The rest of the memory can be programmed by the code executed from the main Flash memory (for IAP, constant storage, etc.), but it is protected against write/erase (but not against mass erase) in debug mode or when booting from the embedded SRAM.[end quote] What I gather from this is that RDP superscedes ''external'' WP protection across the entire FLASH range. If so, wouldn't WP become more of an ''internal'' function to prevent my code from accidentally writing to the wrong page? Do I even need to enable WP for ''external'' protection? Thanks, Joe [ This message was edited by: joe6 on 20-04-2009 16:01 ]2011-05-17 04:10 AM
An Update:
I double-checked my port of stm32f10x_flash to CrossWorks & all seems OK there. I had forgotten to set the flash latency but correcting this made no difference. In the program, I am performing the above mentioned WP mod. sequence twice: First to unlock the application section, leaving the bootloader section write-protected during the update. The second time is at the end of the update to write-protect the entire flash memory. I can leave in both instances or comment out either one. Regardless, the issue seems to occur the first time the above code is run with RDP enabled. Again, is this necessary to protect from outside intrusion? or is enabling RDP along with the WP bits for my bootloader sufficient? J