cancel
Showing results for 
Search instead for 
Did you mean: 

STM32G030 readout protection level 1 (errata 2.2.3) POR lockup if boot select via BOOT0 pin enabled

DAlbe.3
Senior

EDITED:
Resolved, but leaving here for the next person who stumbles into this issue.
I'm using the STM32G030K6 and encountered two issues:

  1. Errata 2.2.3 - which correctly describes a serious issue when using readout protection level 1: if nBOOT_SEL is not set in the option bits, the uC will often fail to boot and even a hard reset will not recover, only a power cycle.  The errata correctly describes a workaround: set nBOOT_SEL in the option bits (removes the option to force entry to the bootloader by tying the BOOT0 pin high).
  2. Access to OTP memory is not protected by readout protection level 1.
    This is expected behavior since SystemMemory is not protected by RDP level 1, but it is unfortunate given that OTP is the perfect place to store device-specific persistent data like serial numbers, encryption keys, etc. This is particularly true on devices with limited flash where allocating a separate sector may be painful. Perhaps in a future version of the component, ST will consider protecting OTP as well as the code space.

The rest of this thread is obsolete, it was the result of a failed component where I could not set the nBOOT_SEL bit successfully.  Many thanks to @waclawek.jan for all of the patience and help!

22 REPLIES 22

Hello @DAlbe.3 ,

I agree there is an issue in the documentation.

Now regarding the actual protection of OTP value, I don't think this is an issue.

OTP are One Time Programmable and are not erased on RDP regression.

So, protecting OTP while in RDP1 does not bring you any OTP confidentiality protection as long as you can regress the device to RDP0 and read the OTP in clear.

Here, OTP purpose is to ensure immutability of the data, not confidentiality 

If you need this confidentiality, you must use RDP2. In that case, it you need to update the firmware, you will need a secure boot and loader in user flash to make sure a fake firmware cannot be installed.

Best regards

Jocelyn


@Jocelyn RICARD wrote:

So, protecting OTP while in RDP1 does not bring you any OTP confidentiality protection as long as you can regress the device to RDP0 and read the OTP in clear.

Good point!

wangxl
Associate

Thank you! I've encountered the very same problem with STM32G030F6P6. Setting nBOOT_SEL option works for me.

I would like to add some hardware details about the issue I encountered. This problem is highly related to the power supply. On my PCB, there is a 470uF capacitor. When the system powers on, if this capacitor is fully discharged, the STM32 fails to start. However, if the capacitor has a small residual voltage (> 0.xV), the STM32 starts normally.

I used an oscilloscope to check the VCC voltage rise curves in both cases, and I didn’t find obvious differences.