Skip to main content
V
Venkatesh-8559
Associate II
February 23, 2026
Solved

STM32L476 OTP area security policy question

  • February 23, 2026
  • 1 reply
  • 244 views

Hello,
I am working with the STM32L476 and would like some clarification regarding the One-Time Programmable (OTP) area.
From the reference manual, I understand that STM32L4 devices provide 1 KB of user OTP memory (128 double words). I would like to better understand the following:
What exactly is stored in the OTP area?


Is the OTP region purely user-programmable, or does ST also store factory calibration or security-related data in this region?


Is OTP used internally by the MCU for enforcing Flash security mechanisms such as RDP, WRP, or PCROP, or is it strictly for user data?


How is OTP protected ?


I am trying to understand the architectural role of OTP in relation to Flash protection and secure boot mechanisms.
Thank you.

Best answer by mƎALLEm

Hello,

Getting back to you regarding this question.

In fact the RDP1 prevents the OTP reading unless the device correctly boots from internal flash. It's not possible to read it out using debug interface. But it remains accessible to user code whatever RDP is set.

PS: which is not the case of G0 products (the thread I have referred above)

Hope that answers your question

1 reply

mƎALLEm
mƎALLEm
Technical Moderator
February 23, 2026

Hello @Venkatesh-8559 and welcome to the ST community,

The OTP area in STM32L476 is a dedicated, user-accessible section of flash for storing immutable data.
It is not used by ST for factory data. Once programmed, OTP data cannot be changed or erased, but it can be read. OTP area can't be read when RDP (Readout Protection) is activated according to the reference manual:

RDP.png

But I need to check internally if that is a typo or not! I will get you back for the right answer. (I'm referring to this thread). internal ticket for follow-up: 227713

Hope that answers your question.

"To give better visibility on the answered topics, please click on ""Accept as Solution"" on the reply which solved your issue or answered your question."
V
Venkatesh-8559Author
Associate II
February 23, 2026

hello @mƎALLEm , OTP area can't be read when RDP (Readout Protection) is activated  is only when booting is from RAM/boot from loader/ or if a debug is detected . but if booting is from flash then we can read OTP area even if RDP is Activated right ??

    mƎALLEm
    mƎALLEm
    Technical Moderator
    February 23, 2026

    Of course it could be read from the application from the flash otherwise it doesn't have sense.

    But need to confirm if the table states the correct policy. I have a doubt the OPT can't be protected by RDP level 1.

    I'm waiting a confirmation from an internal expert.

    "To give better visibility on the answered topics, please click on ""Accept as Solution"" on the reply which solved your issue or answered your question."
    Terms & ConditionsAccessibility statement