OEMiROT: what is the expected use case?

Steve Melnikoff · ‎2026-03-11

Typical bootloaders (including some of ST's built-in bootloaders for other processors) typically allow a code image to be loaded into the processor via some kind of serial link (UART, SPI, CAN, etc), without needing an ST-Link or other debug hardware. These make bootloaders ideal for in-field upgrades of products.

OEMiROT/OEMuROT has some features of a bootloader, in that a new image can be placed in a special area of flash and (if it passes all the various checks) then be executed.

However, there is no way of actually putting that image in flash without an ST-Link or similar, since this is needed to unlock the chip via the DA process. So if you want to do an in-field upgrade of your product's firmware without any debug hardware, OEMiROT in its current form isn't the solution.

Our approach is for our application to download the image into a reserved area of RAM and then switch to the bootloader, where our adapted version of OEMiROT copies this image from RAM to the special area of flash. At this point, the regular OEMiROT code takes over as normal.

As reported in other posts here, it appears that OEMiROT wasn't designed with this kind of functionality in mind. So my question is: was OEMiROT designed as a bootloader (in addition to its security functions)? If so, what is the expected use case?

(ST: please reply here, and not privately.)

Steve Melnikoff · ‎2026-03-17

ST Online Support replied:

by definition a bootloader's purpose is code executed at boot that will launch an application and that can have additional functionality.

-> Our embedded system bootloader has been designed to allow the internal flash/ option byte programming.

-> OEMiROT is a bootloader with the purpose to insure integrity and authenticity of the application firmware before launching it. On top of this it can install securely a new firmware encrypted and signed.

OEMiROT is a secure bootloader with secure update capability but doesn't integrate natively the loader code (capability to receive a new firmware encrypted and signed and program it in flash).

This capability to receive a new firmware encrypted and signed is not included as it's not related to security and is dependant on the customer use case. We have some code example with YMODEM protocol over the usart.

View solution in original post

Joe WILLIAMS · ‎2026-03-16

This post has been escalated to the ST Online Support Team for additional assistance. We'll contact you directly.

Steve Melnikoff · ‎2026-03-17

ST Online Support replied:

by definition a bootloader's purpose is code executed at boot that will launch an application and that can have additional functionality.

-> Our embedded system bootloader has been designed to allow the internal flash/ option byte programming.

-> OEMiROT is a bootloader with the purpose to insure integrity and authenticity of the application firmware before launching it. On top of this it can install securely a new firmware encrypted and signed.

OEMiROT is a secure bootloader with secure update capability but doesn't integrate natively the loader code (capability to receive a new firmware encrypted and signed and program it in flash).

This capability to receive a new firmware encrypted and signed is not included as it's not related to security and is dependant on the customer use case. We have some code example with YMODEM protocol over the usart.