How to Lock STM32L5

PYada.1 · ‎2023-05-08

I am using STM32L5,

In our project, we want to create one script which will lock the bootloader option and enable RDP to 0xCC to disable JTAG.

We are using the SBSFU example as a base and developed our application on it.

In script Regration.bat, 0xAA RDP is set. whereas in the bootloader 0xBB is set.

I have commented Expected RDP error handler, to set the RDP level to 0xCC after bootup,

What is the best practice and sequence to do it?

I am performing the following sequence

1) Flash application using regration.bat SBSFU_Update.bat.

2) I have changed the following option byte value

Enable BOOTLOCK
Boot0 = 0

3) Change RDP level to 0xCC

After It, my bootloader is not able to boot up board. I have lost 2 chips during this process.

Before losing further chips, I want to have a clear and proper sequence of setting following option byte

1) BOOLOCK should be set

2) Boot0 should be lock

3) Disable JTAG..

@Diane POMABIA Can you please help me to achieve it?

Diane POMABIA · ‎2023-05-10

Hi @PYada.1

At first, be sure that your chip have in flash area an secure code that jump in non secure zone. But if it's not the case, you will definetly lost your chip.

What do you want to do ? Just change RDP level ?

Regards

DianeP

Jocelyn RICARD · ‎2023-05-24

Hello @PYada.1 ,

one possible issue you have is related to a bug in the SBSFU clock setting in file

STM32Cube_FW_L5_V1.4.0\Projects\NUCLEO-L552ZE-Q\Applications\SBSFU\SBSFU_Boot\Src\system_stm32l5xx.c

It is using DWT to perform a short delay. But DWT is disabled in RDP2.

This issue was solved in version V1.5.0.

Best regards

Jocelyn

PYada.1 · ‎2023-05-24

Hello @Diane POMABIA , Thanks for inut.

I am using the SBSFU example, which does have the secure area as a bootloader as well as secure applications.

I want to lock JTAG along with boot0.