FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32U585: Unable to Revert RDP Level 2 to Level 0 Using STM32CubeProgrammer (TrustZone Enabled)

Ananth_
Visitor

‎2025-11-17 10:08 PM

Hello ST Community,

I am working on an STM32U585AII6Q microcontroller with TrustZone enabled. My goal is to revert the RDP level from 2 (0xCC) back to 0 (0xAA) using STM32CubeProgrammer GUI.

#### Steps I Followed:
1. Defined OEM2KEY in the "Secure Programming" menu.
2. Set RDP to Level 2 successfully.
3. Tried to unlock RDP2 using the "Unlock RDP2" option in STM32CubeProgrammer.
- Log shows: "Unlock RDP2 password successfully done."
4. Gave power cycle and attempted to change RDP value from 0xCC to 0xAA in the "Read Out Protection" menu.

#### Issue:
- When I try to apply the change, I get the error:
**DEVICE NOT HALTED**
- The debugger cannot connect to the MCU after this step.

#### Hardware Setup:
- BOOT0 pin connected to VDD for RSS boot.
- Using STM32CubeProgrammer v2.19.0.

#### Questions:
1. What is the correct sequence to regress from RDP Level 2 to Level 0 when TrustZone is active?
2. How to resolve the "DEVICE NOT HALTED" error during regression?
3. Do I need to power-cycle or use a specific mode (Under-Reset vs Hotplug) in STM32CubeProgrammer?

Any guidance or example steps would be greatly appreciated.
I have followed the mentioned in below link: 1) How to regress from RDP level 2 to RDP level 0 on ... - STMicroelectronics Community

2)Followed chapter 10 in the following link - Introduction to Arm® TrustZone® features on STM32L5, STM32U5, and STM32U3 MCUs - Application note

Labels:
0 Kudos
2 REPLIES 2
SirineST
ST Employee

‎2025-11-17 11:58 PM

Hello @Ananth_ 

Could you please follow the sequence below:

  1. Connect to the board using CubeProgrammer and set the RDP level to 1.
  2. Apply a high level (VDD) to the BOOT0 pin (PH3).
  3. Remove the IDD jumper.
  4. Keep the STLink cable connected, power the board via the USB port using a separate cable, move the JP6 jumper to 5V_USB_C, and reinstall the IDD jumper.
  5. Connect to CubeProgrammer via ST-LINK using Hot Plug mode.
  6. Set the RDP level to 0 and disable the TZEN option by unchecking it.
  7. Apply the changes.

I hope I have answered your question.

With regards

 

If your question is answered, please close this topic by clicking "Accept as Solution"
0 Kudos
Ananth_
Visitor
In response to SirineST

‎2025-11-18 6:15 AM

Hello @SirineST 
Thank you for your detailed steps.

My Steps and Question :
I am working on a custom STM32U585AII6Q board with TrustZone enabled and external power supply. ST-LINK is connected via USB. Below are the steps I followed:

1.Defined OEM2KEY in the Secure Programming menu.
2.Set RDP Level 2 (0xCC) successfully.
3.Used Unlock RDP2 option in STM32CubeProgrammer → log showed:
Unlock RDP2 password successfully done.
4.Performed a power cycle and switched STM32CubeProgrammer to Hot Plug mode. (Previously, I tried using Under Reset mode and encountered the error: “DEVICE NOT HALTED.”)
5.Changed RDP from 0xCC (Level 2) to 0xAA (Level 0) successfully.
6.Disabled the RDP2 password.
Question
Why does the connection mode (Hot Plug vs Under Reset) play such an important role in this process?
Is it related to how the debug interface behaves during RSS boot and TrustZone state after unlocking RDP2?


Any clarification on the technical reason behind this would be greatly appreciated.

0 Kudos
Top