2023-07-11 08:39 AM
I'm working on a custom STM32U5 board and I'm trying to harden the system.
I followed AN5347 (https://www.st.com/resource/en/application_note/an5347-arm-trustzone-features-for-stm32l5-and-stm32u5-series-stmicroelectronics.pdf); in particular, I followed chapter 10 with success, as I was able to raise up to RDP=2 with OEM password and back to RDP=0.
Then I tried for the second time using the STM32CubeProgrammer instead of the command line as described in the application note, but I got some issues at step 5: Set RDP level 2. The STM32CubeProgrammer did not end the process and got stuck writing RDP=0xCC in the option byte and after ten minutes I forced the termination of the GUI.
After that I was not able to recover to RDP=0.
Every time I try to send a command to the board I get some error.
If I try to follow chapter 10.6 Unlock RDP level 2 with OEM2Key with the command line:
STM32_Programmer_CLI.exe -c port=swd mode=UR -unlockrdp2 0xMYKEYLOW 0xMYKEYHI
the result is the following:
-------------------------------------------------------------------
STM32CubeProgrammer v2.13.0
-------------------------------------------------------------------
ST-LINK SN : 53FF71068389505253152567
ST-LINK FW : V2J40S7
Board : --
Voltage : 3.39V
Unlock RDP2 password succefully done!
Error: ST-LINK error (DEV_TARGET_NOT_HALTED)
All other commands sent via CLI or via the programmer get some error, most of the time unable to read values.
Now I don't know what to do to recover this board.
Any idea?
2023-07-12 07:43 AM
Hello @Manuel Ferrero
Can you confirm that you followed the same procedure as described in this article?
Regards
Diane
2023-07-13 12:36 AM
Hello @Diane POMABIA
I confirm that I followed that procedure, but at the moment I have problems at step #3, where I get the following error:
09:29:23 : UR connection mode is defined with the HWrst reset mode
09:29:24 : ST-LINK SN : REDACTED
09:29:24 : ST-LINK FW : V2J40S7
09:29:24 : Board : --
09:29:24 : Voltage : 3.39V
09:29:24 : SWD freq : 4000 KHz
09:29:24 : Connect mode: Hot Plug
09:29:24 : Reset mode : Software reset
09:29:24 : Device ID : 0x482
09:29:24 : Revision ID : Rev W
09:29:24 : Debug in Low Power mode enabled.
09:29:25 : Error: Target interface must be at chip protection Level 2
09:29:25 : UPLOADING OPTION BYTES DATA ...
09:29:25 : Bank : 0x00
09:29:25 : Address : 0x40022040
09:29:25 : Size : 36 Bytes
09:29:25 : Error: Uploading Option Bytes bank: 0 failed
09:29:25 : Error: Initializing the Option Bytes failed
09:29:25 : Disconnected from device.
And when I try to reconnect the ST-LINK I get the following log:
09:34:13 : UR connection mode is defined with the HWrst reset mode
09:34:14 : ST-LINK SN : REDACTED
09:34:14 : ST-LINK FW : V2J40S7
09:34:14 : Board : --
09:34:14 : Voltage : 3.39V
09:34:14 : SWD freq : 4000 KHz
09:34:14 : Connect mode: Hot Plug
09:34:14 : Reset mode : Software reset
09:34:14 : Device ID : 0x482
09:34:14 : Revision ID : Rev W
09:34:14 : Debug in Low Power mode enabled.
09:34:14 : UPLOADING OPTION BYTES DATA ...
09:34:14 : Bank : 0x00
09:34:14 : Address : 0x40022040
09:34:14 : Size : 36 Bytes
09:34:14 : Error: Uploading Option Bytes bank: 0 failed
09:34:14 : Error: Initializing the Option Bytes failed
09:34:14 : Disconnected from device.
Is there some procedure to completely wipe the micro and restart from scratch, or do I have to throw it in the bin?
2023-07-17 01:50 AM - edited 2023-07-17 01:53 AM
Hello @Manuel Ferrero ,
If you have activated RDP level 2 without defining the OEM2key, you have blocked your part and will no longer be able to regress, therefore erasing or reprogramming it.
You can refer to Table 21 in the Reference Manual (RM0456).
Regards
Diane
2023-07-18 03:04 AM
In RM0456 I read:
"Shifting the password key through JTAG/SWD corresponds to writing two 32-bit key words,
AUTH_KEY[31:0], then AUTH_KEY[63:32], in the DBGMCU_DBG_AUTH_HOST register."
If I launch the STM32CubeProgrammer and I write my password in the Secure programming screen does the ST-LinkV2 send the password as described?
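The word order quoted from RM0456 in the post above, as an added example that is not part of the original post and not ST's code: it splits a 64-bit OEM2 key into AUTH_KEY[31:0] and AUTH_KEY[63:32], builds the -unlockrdp2 arguments in the low-then-high order used by the command earlier in the thread, and flags a pair of words entered in swapped order. The key value and all function names are constructed for illustration.

```python
import re

# Tool name and connection options exactly as typed earlier in the thread.
CLI_PREFIX = ["STM32_Programmer_CLI.exe", "-c", "port=swd", "mode=UR"]


def split_oem2_key(key_hex: str) -> tuple[int, int]:
    """Return (AUTH_KEY[31:0], AUTH_KEY[63:32]) for a 64-bit key given as hex."""
    digits = key_hex.lower().removeprefix("0x").replace("_", "")
    # Require the full 64 bits so a dropped digit cannot silently shift the key.
    if not re.fullmatch(r"[0-9a-f]{16}", digits):
        raise ValueError("OEM2 key must be exactly 16 hex digits (64 bits)")
    key = int(digits, 16)
    return key & 0xFFFFFFFF, key >> 32


def unlock_rdp2_argv(key_hex: str) -> list[str]:
    """Build the unlock command line: low word first, then high word."""
    low, high = split_oem2_key(key_hex)
    return CLI_PREFIX + ["-unlockrdp2", f"0x{low:08X}", f"0x{high:08X}"]


def diagnose_words(key_hex: str, first: int, second: int) -> str:
    """Compare two words about to be sent against the recorded 64-bit key."""
    low, high = split_oem2_key(key_hex)
    if (first, second) == (low, high):
        return "ok"
    if (first, second) == (high, low):
        return "swapped"  # high word sent first: same key, wrong order
    return "mismatch"


if __name__ == "__main__":
    sample_key = "0x0123456789ABCDEF"  # constructed sample, not a real key
    print(" ".join(unlock_rdp2_argv(sample_key)))
    print(diagnose_words(sample_key, 0x01234567, 0x89ABCDEF))
```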
2023-07-19 01:29 AM
Hello @Manuel Ferrero
Yes, based on what you told me under the forum of the article, you have correctly set your password.
You are facing a tool bug, this is a workaround:
Can you retest on your two boards by doing step 1 <<Go back to the "secure programming" menu and Click on "Unlock RDP2" and after on "Apply unlock RDP2">> 2 times before moving on to step 2?
If you have correctly defined your password, no worries, go back directly from this step, you can regress to level 0.
Internal ticket has been created to solve this bug.
Internal ticket number: 157559 (This is an internal tracking number and is not accessible or usable by customers).
Let me know if it's ok for you.
Regards
Diane
2024-04-15 06:55 AM - edited 2024-04-15 06:58 AM
Hello,
I have the same problem with STM32U585. Did you manage to solve the problem? If you could tell me what you did, you could really help me out.
Thanks in advance.
2024-04-16 12:42 AM
2024-04-16 12:50 AM - edited 2024-04-16 04:44 AM
Hello @Diane POMABIA ,
Thank you for responding.
I have version 2.16.0 of CubeProgrammer.
Regards
Istillaga