Solved
How to set RDP level2 without a password with STM32_Programmer_CLI
I am using NUCLEO-u5a5zj-q, I tried this:
sru@sru-pqs-dell:~/repos/pqkey$ STM32_Programmer_CLI --connect port=swd index=2 -halt --optionbytes displ -ob nSWBOOT0=0 nBOOT0=1 -lockRDP2 0xFFFFFFFF 0xFFFFFFFF
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%
OPTION BYTES BANK: 0
Read Out Protection:
RDP : 0xAA (Level 0, no protection)
BOR Level:
BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)
User Configuration:
TZEN : 0x0 (Global TrustZone security disabled)
nRST_STOP : 0x1 (No reset generated when entering Stop mode)
nRST_STDBY : 0x1 (No reset generated when entering Standby mode)
nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode)
SRAM1345_RST : 0x1 (SRAM1, SRAM3,SRAM4 and SRAM5 not erased when a system reset occurs)
IWDG_SW : 0x1 (Software independent watchdog)
IWDG_STOP : 0x1 (IWDG counter active in stop mode)
IWDG_STDBY : 0x1 (IWDG counter active in standby mode)
WWDG_SW : 0x1 (Software window watchdog)
SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped)
DBANK : 0x1 (Dual-bank Flash with contiguous addresses)
BKPRAM_ECC : 0x1 (Backup RAM ECC check disabled)
SRAM3_ECC : 0x1 (SRAM3 ECC check disabled)
SRAM2_ECC : 0x1 (SRAM2 ECC check disabled)
SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs)
nSWBOOT0 : 0x1 (BOOT0 taken from PH3/BOOT0 pin)
nBOOT0 : 0x1 (nBOOT0 = 1)
PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated)
IO_VDD_HSLV : 0x0 (High-speed IO at low VDD voltage feature disabled (VDD can exceed 2.5 V))
IO_VDDIO2_HSLV: 0x0 (High-speed IO at low VDDIO2 voltage feature disabled (VDDIO2 can exceed 2.5 V))
Boot Configuration:
NSBOOTADD0 : 0x100000 (0x8000000)
NSBOOTADD1 : 0x17F200 (0xBF90000)
Write Protection 1:
WRP1A_PSTRT : 0xFF (0x81FE000)
WRP1A_PEND : 0x0 (0x8000000)
UNLOCK_1A : 0x1 (WRP1A start and end pages unlocked)
WRP1B_PSTRT : 0xFF (0x81FE000)
WRP1B_PEND : 0x0 (0x8000000)
UNLOCK_1B : 0x1 (WRP1B start and end pages unlocked)
OPTION BYTES BANK: 1
Write Protection 2:
WRP2A_PSTRT : 0xFF (0x83FE000)
WRP2A_PEND : 0x0 (0x8200000)
UNLOCK_2A : 0x1 (WRP2A start and end pages unlocked)
WRP2B_PSTRT : 0xFF (0x83FE000)
WRP2B_PEND : 0x0 (0x8200000)
UNLOCK_2B : 0x1 (WRP2B start and end pages unlocked)
PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: nboot0, value: 0x1, was not modified.
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
Reconnecting...
Reconnected !
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%
OPTION BYTE PROGRAMMING VERIFICATION:
Option Bytes successfully programmed
Time elapsed during option Bytes configuration: 00:00:02.127
Lock RDP2 password successfully done
sru@sru-pqs-dell:~/repos/pqkey$ ./status-stm32u5a5 2
+ index=2
+ name=2
+ addr=0x08000000
+ STM32_Programmer_CLI --connect port=swd index=2 -halt --power off index=2 --power on index=2
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted
Power OFF...
Drives the target power pin out of the (onboard) ST-Link.
Info: Power ON/OFF maybe not available on your Board [also not available on standalone probes]
Power OFF the board finished with success !
Power ON...
Drives the target power pin out of the (onboard) ST-Link.
Info: Power ON/OFF maybe not available on your Board [also not available on standalone probes]
Power ON the board finished with success !
+ STM32_Programmer_CLI --connect port=swd index=2 -halt --optionbytes displ --blankcheck
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%
OPTION BYTES BANK: 0
Read Out Protection:
RDP : 0xAA (Level 0, no protection)
BOR Level:
BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)
User Configuration:
TZEN : 0x0 (Global TrustZone security disabled)
nRST_STOP : 0x1 (No reset generated when entering Stop mode)
nRST_STDBY : 0x1 (No reset generated when entering Standby mode)
nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode)
SRAM1345_RST : 0x1 (SRAM1, SRAM3,SRAM4 and SRAM5 not erased when a system reset occurs)
IWDG_SW : 0x1 (Software independent watchdog)
IWDG_STOP : 0x1 (IWDG counter active in stop mode)
IWDG_STDBY : 0x1 (IWDG counter active in standby mode)
WWDG_SW : 0x1 (Software window watchdog)
SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped)
DBANK : 0x1 (Dual-bank Flash with contiguous addresses)
BKPRAM_ECC : 0x1 (Backup RAM ECC check disabled)
SRAM3_ECC : 0x1 (SRAM3 ECC check disabled)
SRAM2_ECC : 0x1 (SRAM2 ECC check disabled)
SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs)
nSWBOOT0 : 0x0 (BOOT0 taken from the option bit nBOOT0)
nBOOT0 : 0x1 (nBOOT0 = 1)
PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated)
IO_VDD_HSLV : 0x0 (High-speed IO at low VDD voltage feature disabled (VDD can exceed 2.5 V))
IO_VDDIO2_HSLV: 0x0 (High-speed IO at low VDDIO2 voltage feature disabled (VDDIO2 can exceed 2.5 V))
Boot Configuration:
NSBOOTADD0 : 0x100000 (0x8000000)
NSBOOTADD1 : 0x17F200 (0xBF90000)
Write Protection 1:
WRP1A_PSTRT : 0xFF (0x81FE000)
WRP1A_PEND : 0x0 (0x8000000)
UNLOCK_1A : 0x1 (WRP1A start and end pages unlocked)
WRP1B_PSTRT : 0xFF (0x81FE000)
WRP1B_PEND : 0x0 (0x8000000)
UNLOCK_1B : 0x1 (WRP1B start and end pages unlocked)
OPTION BYTES BANK: 1
Write Protection 2:
WRP2A_PSTRT : 0xFF (0x83FE000)
WRP2A_PEND : 0x0 (0x8200000)
UNLOCK_2A : 0x1 (WRP2A start and end pages unlocked)
WRP2B_PSTRT : 0xFF (0x83FE000)
WRP2B_PEND : 0x0 (0x8200000)
UNLOCK_2B : 0x1 (WRP2B start and end pages unlocked)
Flash memory blank checking...
[==================================================] 100%
Time elapsed during the blank check operation is: 00:00:00.015
Warning: Flash memory is not empty at 0x08000000.As you can see, the RDP level is still 0 (and later on I could still dump all memories).
On the same board I have been able to set RDP level 2 without password using the GUI version (STM32CubeProgrammer), so the setup was right.