FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32U0: question about RDP regression

RAltm
Senior

‎2025-08-13 4:34 AM

Hello,

I'm not sure if I understand the RDP regression mechanism described on STM32U0 reference manual (RM0503 rev4) correctly. My general understanding is that it's possible to go from RDP2 => RDP1 => RDP0 if the OEM keys are set - if they are not set (all 0's or all 1's) the effect of RDP2 is the same as on devices without RDP regression feature, so the debug port is fully closed and can't be opened anymore.

My confusion comes from the following descriptions of the manual:

  1. RDP level 2 description on page 79 states that the CPU debug port is disabled under reset.
  2. The same description states:
    Once in level 2, it is no more possible to modify the read protection level.
  3. Note 1. on page 80:
    When the protection level 2 is active, the Debug port, the boot from RAM and the boot from system memory are disabled.
  4. Contrarily, OEM RDP lock mechanism description for OEM 1/2 on pages 81 & 82 states that it's possible to go from RDP2/1 to RDP0/1 and states that the keys must be written to the DBGMCU_DBG_AUTH_HOST register by the debug interface under reset.

 

The DBG debug block diagram on page 1246:

RAltm_0-1755080857153.png

To me it looks like the used terms are not detailled enough or mixed. And the statement from #2 above is outdated.

So, just to be sure that I understand it correctly: The part marked red corresponds to the CPU debug port from #1 & #3 and is disabled on RDP2, the green one is the debug interface from #4 above and still (always?) enabled, therefore it allows the regression by the OEM keys? Also, the green one is not available on devices without regression feature, right?

Would be nice if someone can confirm my interpretation of the manual. Additionally, I've the following questions:

  1. As long as the OEM keys are set it's always possible to "rescue" a device?
  2. There's no way to fully disable the SWD interface? The only way to fully disable it is to not program the OEM keys and additionally disable the SWD by software within the application, right?
  3. What's the purpose of the OEM 1 key mechanism? If a RDP2 device is moved to RDP1 by OEM 2 key it should be possible to get to RDP0 without the OEM 1 key, at least according to the documentation. Or does the regression mechanism enforce usage of the OEM 1 key to get from RDP1 to RDP0?

 

Regards

Labels:
0 Kudos
0 REPLIES 0
Top