Device no longer boots after setting RDP = 1

Hello,
I have written a custom bootloader for my stm32u5 project and have been testing it for the last few months with multiple working firmware updates.  To give some context, I transfer an encrypted firmware image to an external flash chip over CANfd from the currently running firmware.  The next time the device boots, the bootloader looks for a new encrypted image on the external flash and if found it will decrypt the image, delete the internal flash where the application lives and then flashes the decrypted image. It will then de-init some peripherals and jump to the new application, fairly standard implementation.  All of this has been working flawless until I set RDP = 1(DC) in stm32cubeprog.  Also need to mention that I have set both passwords for RDP regression a while ago, I just have not been setting the RDP level beyond 0.

With RDP = 1 the device will boot as it should, and I can send it a firmware update.  I will power cycle the device and it will perform the firmware update as it should. Everything appears to work as it should, every call to HAL_FLASHEx_Erase and HAL_FLASH_Program return HAL_OK during the update.  However it does not successfully jump to / run the new application, the power draw of the device goes down to the same level as a halted device. 

It appears as if the flash is not being erased, in my bootloader I performed a read after a page erase and it was not 0xFFFFFFFF.  What is preventing an erase with RDP enabled that would otherwise work correctly?