2025-12-15 1:55 PM
Hello,
I'm looking for some clarification over how the PCROP area can be used. The user manual for STM32L471 states that code in this area can be executed but that data at flash in this area cannot be read. Does this mean if I put a decryption algorithm in this area that I cannot also put the key in this area? As it would be unreadable?
Nick.
2025-12-15 3:10 PM
Correct. The key would be read as data by the CPU which is not allowed. PCROP is meant to protect instructional code.
If you want to protect secret data, consider using RDP level 1, although that is somewhat more restrictive.
Newer chips are considerably more flexible and complicated in their security options. If RDP doesn't work for you, consider moving to one of those.
2025-12-15 4:33 PM
Actually you can put the key in PCROP area, but in a weird way that is hard to use (but not impossible).
The PCROP thing is based on a simple cheap trick: you disable data access (D-bus) to certain address range and let only instruction fetch access (I-bus). The code in this area becomes execute-only. The IAR compiler supports this mode, for a very reasonable price ;)
2025-12-15 5:02 PM - edited 2025-12-15 5:04 PM
Thanks -- rather than a const [] array in flash to house a key, could code be written in such a way as to use "load immediate" assembly opcodes into a RAM key array, within the PCROP area, in order to have the key stored as instructions in flash? I'm not so sure about the attack vectors in that case... readout protection could protect the RAM though, right?
2025-12-15 5:04 PM
Yes, exactly so.
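The approach discussed in this thread (key built in RAM from immediate operands of execute-only code), sketched as an added example that is not code from any poster or from ST. The section name `.pcrop_text`, the sample key and the XOR stand-in for the cipher are assumptions; on target, build the file with GCC's `-mpure-code` so constants are not fetched from a literal pool, which would be a data read inside the PCROP range.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical section name: map it onto the PCROP-protected flash
 * range in the linker script. Ignored when built on a host for testing. */
#if defined(__arm__)
#define PCROP_CODE __attribute__((section(".pcrop_text"), noinline))
#else
#define PCROP_CODE
#endif

#define KEY_WORDS 4u /* 128-bit key */

/* Constructed sample key (bytes 00 11 22 .. ff), not a real secret.
 * The volatile word stores stop the compiler from replacing this with a
 * copy from a .rodata table; -mpure-code stops it from loading the
 * constants from a literal pool. Together the key exists in flash only
 * as immediate fields of instructions. */
PCROP_CODE void key_load(volatile uint32_t out[KEY_WORDS])
{
    out[0] = 0x33221100u;
    out[1] = 0x77665544u;
    out[2] = 0xbbaa9988u;
    out[3] = 0xffeeddccu;
}

/* Overwrite the RAM copy; volatile keeps the stores from being elided. */
void key_wipe(volatile uint32_t key[KEY_WORDS])
{
    for (size_t i = 0; i < KEY_WORDS; i++)
        key[i] = 0u;
}

/* Hypothetical stand-in for the real decryption routine: XORs one word
 * with one key word so the load/use/wipe flow can be exercised.
 * The key lives on the stack only for the duration of the call. */
PCROP_CODE uint32_t pcrop_process(uint32_t word, unsigned idx)
{
    volatile uint32_t key[KEY_WORDS];
    key_load(key);
    uint32_t result = word ^ key[idx % KEY_WORDS];
    key_wipe(key);
    return result;
}
```

Before locking the region, check the disassembly of the PCROP section for PC-relative `ldr` loads, which indicate a constant that still sits in flash as data.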