Skip to main content
S
shivss
Visitor II
October 2, 2025
Solved

STM32U585I-IOT02A: Unable to revert RDP from DC to AA after password set

  • October 2, 2025
  • 8 replies
  • 547 views

Hello,

I am working with an STM32U585I-IOT02A development board and using STM32CubeProgrammer.
I changed the RDP level to DC and set a password. After that, I am unable to get back to RDP level AA.

  • I tried entering the correct password, but the unlock option does not disable the protection.

  • I also attempted the "unlock RDP1 level" process, but it does not seem to work.

  • Currently, I am unable to flash any code onto the device.

Is there any way to recover the board back to RDP AA level and make it programmable again?
What is the correct procedure to unlock the RDP DC level after a password has been set?

Thanks in advance.

    This topic has been closed for replies.
    Best answer by STackPointer64

    Hello,

    The command showing “unlock successful” actually means the script finished executing; it assumes the user correctly remembers the password used. I understand this can be confusing, so I have escalated the issue to the relevant team for resolution. It is being tracked internally under ticket number 219784.

    Since you have tried all remembered passwords without success, unfortunately, unless you recall the exact password used to lock and unlock RDP1, you will not be able to use the board.

    Best regards,

    8 replies

    S
    STackPointer64
    Technical Moderator
    October 3, 2025

    Hello @shivss, and welcome to ST Community!

    Have you tried following the Knowledge Base article? The same process for regression from level 2 to level 0 can be applied to regression from level 1 to level 0.

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 4, 2025

    Yes, I have already tried following that Knowledge Base article and applied the same procedure, but unfortunately it did not work in my case. The device is still locked and I cannot regress back to RDP AA.

    I also tried using STM32CubeProgrammer in terminal/CLI mode. Below are the logs from the attempt:

    S
    STackPointer64
    Technical Moderator
    October 6, 2025

    Hello @shivss

    I tried reproducing the issue but could not. Here are the steps I tried in STM32CubeProgrammer CLI. Please follow the same steps. If you were not successful in performing RDP regression, try redoing it after booting from Root Security Service (RSS) mode, following the steps detailed in AN5347.

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 12, 2025

    Hi @STackPointer64 ,

    Thanks for the information. The note mentions that a small rework must be done on the Discovery kit (STM32L562E-DK or B-U585I-IOT02A) to boot from RSS, referring to documents [7] or [8]. However, I couldn’t find any details about this rework in the board user manual (UM2839).

    Could you please clarify what specific rework is required or point me to the exact section/document that describes the hardware modification needed to enable RSS boot on the Discovery kit?

    Best regards,

    S
    STackPointer64
    Technical Moderator
    October 13, 2025

    Hello @shivss,

    The rework mentioned involves setting PH3 (BOOT0) to high. In the case of STM32U585I, there is a small switch just above the reset button that you can use to toggle it.

    STackPointer64_0-1760361367367.png

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 14, 2025

    Hi @STackPointer64 

    I set PH3 (BOOT0) to high using the switch above the reset button and confirmed the change. I then tried again, but I’m still getting the same result — it’s not unlocking.

    S
    STackPointer64
    Technical Moderator
    October 14, 2025

    Hello @shivss,

    Are you sure you followed all the steps in AN5347, section 9.1.2? After confirming the changes mentioned, did you remove the IDD jumper (the jumper right above SW1) and put it back to exit from intrusion before performing the regression?

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 15, 2025

    Hi @STackPointer64 

    Yes, I followed the steps as described. Here’s the flow of my testing:

    1. Powered the board and tested all commands (as before).

    2. Powered off the board.

    3. Set the BOOT0 (PH3) pin to high.

    4. Removed the IDD jumper and then placed it back.

    5. Powered the board again.

    6. Retested all the commands — but the result was still the same, it’s not unlocking.

    S
    STackPointer64
    Technical Moderator
    October 15, 2025

    Hello @shivss,

    After thorough retesting and finally reproducing your use case, it appears you are using the wrong OEM1 key to unlock RDP1. Although the command output shows that you successfully unlocked RDP1, you did not. I suggest opening STM32CubeProgrammer, connecting to the board, going to Secure Programming, and trying to recall the passwords you used to lock RDP1 and retrying. Unfortunately, that is the only possible solution.

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 16, 2025

    Hello @STackPointer64 ,

    Thanks for the update. I have a few doubts and follow-up points:

    1. If the OEM1 key is incorrect, could you please clarify how the command still shows “unlock successful”? I’m unable to understand this point.

    2. I have already tried all the passwords I remember, but unfortunately, none of them worked.

    3. Please let me know what options I have now — I really need to continue my development work on this board.

     

    S
    STackPointer64Answer
    Technical Moderator
    October 16, 2025

    Hello,

    The command showing “unlock successful” actually means the script finished executing; it assumes the user correctly remembers the password used. I understand this can be confusing, so I have escalated the issue to the relevant team for resolution. It is being tracked internally under ticket number 219784.

    Since you have tried all remembered passwords without success, unfortunately, unless you recall the exact password used to lock and unlock RDP1, you will not be able to use the board.

    Best regards,

    S
    shivssAuthor
    Visitor II
    October 17, 2025

    Hi @STackPointer64 ,

    Got it, thank you for the clarification. Just to confirm — if I replace the STM32 controller ICs with new ones, would I then be able to use the board again, since the new ICs wouldn’t be locked?

    S
    STackPointer64
    Technical Moderator
    October 17, 2025

    Hello @shivss,

    Yes, that is correct. Changing the locked STM32 controller would allow you to use the board again.

    Best regards,

     

    S
    shivssAuthor
    Visitor II
    October 17, 2025

    Hi @STackPointer64 ,

    Thank you for confirming. I noticed that the board has an X-WIFI-EMW3080B (MXCHIP) module that supports Wi-Fi firmware updates for STM32 boards. Would it be possible to use this module to upload code to the board instead of replacing the STM32 controller?

    Also, in case replacing the controller is the only option, could you please advise on the correct procedure for changing the STM32 IC?

    S
    STackPointer64
    Technical Moderator
    October 20, 2025

    Hello @shivss,

    That is not possible in your situation due to the RDP lock. Also, although the feature is available, it needs to be implemented in your application code. Regarding replacing the STM32 IC, the correct procedure is to replace it with another IC of the same package (UFBGA169). This must be done by a professional to avoid damaging other components on the board.

    Best regards,

     

    S
    shivssAuthor
    Visitor II
    October 21, 2025

    "Ok, understood. I will get a new board since changing the STM32 IC is not possible."

    Terms & ConditionsAccessibility statement