Ernst
Associate
September 15, 2022
Solved

Why can't I raise the Read Out protection or disable security bit on my STM32H7B


I've tried to configure several security settings from C code for my STM32H7B. I used the example secure bootloader/application which I modified a bit. I was able to enable the security bit and configure a secure memory area in flash block 0.

When starting, the JTAG connection is lost. After the bootloader part jumps to the application, the JTAG is enabled again.

I can read all the option bytes as expected. The ReadOutProtection level is currently 0xAA, so no protection. The security bit is set, as is a secure memory region.

I would like to remove the secure region, so I tried to set the ReadOutProtection to level 0xBB. This however doesn't work. It remains at 0xAA.

I've tried several things. Of course repowering it. Removing the security bit itself. Writing directly to the registers. Removing the security bit using C code from the application.

I am able to update the application part in flash, so it doesn't seem to be a full write protect of the device, only the option bytes can't be written.

Does anyone have an idea what to check next? If the device is bricked, so be it, but I would like to know why this happened and why I cannot raise the ReadOutProtection. I couldn't find anything in the documentation on what could prevent the ReadOutProtection to be locked at the lowest level.

Thanks

Edit: Some logging of what it's trying to do:

 15:04:08:835 : Time elapsed during the read operation is: 00:00:00.001
 15:04:18:302 : Option byte command : -ob RDP=187 
 15:04:18:379 : PROGRAMMING OPTION BYTES AREA ...
 15:04:18:381 : Database: Config 0 is active.
 15:04:18:381 : Bank : 0x00
 15:04:18:381 : Address : 0x5200201c
 15:04:18:381 : Size : 308 Bytes
 15:04:18:382 : halt ap 0 
 15:04:18:382 : Loader write option bytes...
 15:04:18:382 : Init flashloader...
 15:04:18:382 : halt ap 0 
 15:04:18:383 : run ap 0 
 15:04:18:383 : halt ap 0 
 15:04:18:385 : run ap 0 
 15:04:48:000 : UPLOADING OPTION BYTES DATA ...
 15:04:48:000 : Bank : 0x00
 15:04:48:000 : Address : 0x5200201c
 15:04:48:000 : Size : 308 Bytes
 15:04:48:006 : OPTION BYTE PROGRAMMING VERIFICATION:
 15:04:48:006 : Error: Expected value for Option Byte "RDP": 0xBB, found: 0xAA
 15:04:48:019 : Error: Option Byte Programming failed


Ernst
Author, Best answer
Associate
September 19, 2022

Issue solved with help of ST customer support. Some flash error bits were set, and the flash lock bit wasn't. Fixing this enabled raising the RDP level to level 1, enabling removal of security settings while lowering RDP back to 0 again.