
STM32H753ZI secure memory recover

kicur
Associate II

Hello,

I've implemented a secure bootloader on the STM32H753ZI using the SBSFU examples and it's working very well. To secure the board I use WRP + RDP Level 1 + Secure Memory Area for the bootloader. I would like to have the option to recover from this state and be able to switch the board to Level 0 with mass erase. Unfortunately I cannot achieve it. After switching from the bootloader to the main app I can only connect in hot plug mode (which is correct I think, as Security OB is checked). I can't change the RDP level from 1 to 0 in this mode using STM32 Cube Programmer. I click apply and nothing happens. I also can't set the Secure Memory Area from Cube Programmer and it's only possible to set it from code in the bootloader.

I tried to include code at the beginning of my bootloader which checks the GPIO state. When it's low it sets the RDP level to 0. Without the Secure Memory Area it's working fine and memory is erased and RDP is set to 0. However, when I add the Secure Memory Area and set the GPIO to low level I can't connect to the board in any way and it looks like it is bricked. I have also checked the OB to erase the Secure Memory Area on RDP regression. To me it looks like the board still has the secure memory area set to the bootloader region and, as the chip is erased, it stays in the secure area forever. I've bricked a few MCUs already so I would like to clarify this topic before the next attempts 🙂

The code I am using to check GPIO state and set RDP level on bootloader start:

  GPIO_InitStruct.Pin = GPIO_PIN_8;
  GPIO_InitStruct.Mode = GPIO_MODE_INPUT;
  GPIO_InitStruct.Pull = GPIO_NOPULL;
  HAL_GPIO_Init(GPIOA, &GPIO_InitStruct);
  GPIO_PinState state = HAL_GPIO_ReadPin(GPIOA, GPIO_PIN_8);

  FLASH_OBProgramInitTypeDef OB;
  HAL_FLASHEx_OBGetConfig(&OB);
//  if (OB.RDPLevel != OB_RDP_LEVEL_0) {
//	  while (1) {}
//  }

  if (state == GPIO_PIN_RESET) {
	  HAL_FLASH_Unlock();
	  HAL_FLASH_OB_Unlock();

	  OB.OptionType = OPTIONBYTE_RDP;
	  OB.RDPLevel = OB_RDP_LEVEL_0;

	  if ( HAL_FLASHEx_OBProgram(&OB) != HAL_OK )
	  {
		  HAL_FLASH_OB_Lock();
		  HAL_FLASH_Lock();
		  return HAL_ERROR;
	  }

	  HAL_FLASH_OB_Launch();

	  /* We should not make it past the Launch, so lock
	   * flash memory and return an error from function
	   */
	  HAL_FLASH_OB_Lock();
	  HAL_FLASH_Lock();
	  return HAL_ERROR;
  }

 

So I have 3 questions:

1) When setting RDP Level 0 in the bootloader, should I also clear the Secure Memory Area region?

2) Is it possible to change the OB using STM32CubeProgrammer when the Secure Memory Area is used with RDP Level 1?

3) Is there any better approach to make the MCU able to recover after setting the Secure Memory Area and RDP1?

 

Thank you for any help.

 

1 ACCEPTED SOLUTION

Jocelyn RICARD
ST Employee

Hello @kicur ,

1) Yes. Please check RM0433, "Flash bank erase with automatic protection-removal sequence", chapter 4.3.10.

2) I never rely on STM32CubeProgrammer for H7 secure memory related features ...

3) Here is the code I use to do the regression:

	/* Clear pending error flags on both banks before touching the option bytes */
	__HAL_FLASH_CLEAR_FLAG_BANK1(FLASH_FLAG_ALL_ERRORS_BANK1);
	__HAL_FLASH_CLEAR_FLAG_BANK2(FLASH_FLAG_ALL_ERRORS_BANK2);

	HAL_FLASH_OB_Unlock();

	FLASH->OPTSR_PRG = 0x139EAAF0;       /* RDP level 0 */
	FLASH->PRAR_PRG1 = 0x80000FFF;       /* No PCROP */
	FLASH->SCAR_PRG1 = 0x80000FFF;       /* No secure area */
	FLASH->WPSN_PRG1 = 0x000000FF;       /* No WRP */

	if ((error=HAL_FLASH_OB_Launch()) != HAL_OK)
...

I hope this will help

Best regards

Jocelyn
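An added example, not code from this thread or from ST: a host-side C check that decodes the values destined for the `*_PRG` option registers and reports which protections a regression request would leave in place, such as lowering RDP while a secure area stays defined. The bit positions (RDP in OPTSR bits 15:8, area start in bits 11:0 and end in bits 27:16, WRP active-low in WPSN bits 7:0) are assumptions to confirm against RM0433; `ob_request_t`, `ob_regression_blockers` and the second sample request are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Values destined for the bank 1 *_PRG option registers. */
typedef struct {
    uint32_t optsr;  /* FLASH->OPTSR_PRG */
    uint32_t prar;   /* FLASH->PRAR_PRG1 */
    uint32_t scar;   /* FLASH->SCAR_PRG1 */
    uint32_t wpsn;   /* FLASH->WPSN_PRG1 */
} ob_request_t;

enum {
    OB_RDP_NOT_LEVEL0 = 1u << 0,  /* RDP byte is not 0xAA */
    OB_PCROP_DEFINED  = 1u << 1,  /* PCROP area still configured */
    OB_SECURE_DEFINED = 1u << 2,  /* secure area still configured */
    OB_WRP_ACTIVE     = 1u << 3   /* at least one sector write-protected */
};

/* Assumed layout: start in bits 11:0, end in bits 27:16.
 * end < start means no area; end == start covers the whole bank. */
static int area_defined(uint32_t reg)
{
    uint32_t start = reg & 0xFFFu;
    uint32_t end = (reg >> 16) & 0xFFFu;
    return end >= start;
}

/* Bitmask of protections the request would leave in place (0 = none). */
unsigned ob_regression_blockers(const ob_request_t *r)
{
    unsigned m = 0;
    if (((r->optsr >> 8) & 0xFFu) != 0xAAu) m |= OB_RDP_NOT_LEVEL0;
    if (area_defined(r->prar))              m |= OB_PCROP_DEFINED;
    if (area_defined(r->scar))              m |= OB_SECURE_DEFINED;
    if ((r->wpsn & 0xFFu) != 0xFFu)         m |= OB_WRP_ACTIVE;
    return m;
}

int main(void)
{
    /* Register values quoted in the answer above. */
    ob_request_t full = { 0x139EAAF0u, 0x80000FFFu, 0x80000FFFu, 0x000000FFu };
    /* Constructed: RDP byte 0xAA, but a secure area and WRP on sector 0 remain. */
    ob_request_t rdp_only = { 0x139EAAF0u, 0x80000FFFu, 0x800F0000u, 0x000000FEu };
    printf("full=0x%x rdp_only=0x%x\n",
           ob_regression_blockers(&full), ob_regression_blockers(&rdp_only));
    return 0;
}
```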


4 REPLIES 4
Pavel A.
Evangelist III

By chance, do you have stepping Y chips?

 

kicur
Associate II

No, this is revision V


Thank you! It seems to work exactly as I want 🙂