STMicroelectronics: Securing STM32U0, STM32U3, and STM32U5 Devices with RDP
PEmicro's development tools and production programmers now support Life-cycle management with readout protection (RDP) for the STM32U0, STM32U3, and STM32U5 device families. The RDP mechanism enables secure protection over the devices memory and debug access varying by the RDP level. The protections provided by each RDP level is described in the Table below: The RDP level can be trasitioned to a higher level by programming the RDP value in the user area of the option bytes. Regression of the RDP level can be accomplished by provisioning the OEM password to verify access. This article will explore how this process is handled with our tools. How to Program the OEM Password to enable RDP Regression: The first step to enabling the RDP regression is to configure the OEM password. For RDP level 2 to RDP level 1 regression, the OEM2 Key must be configured or the device will be locked. For RDP level 1 to RDP level 0, the OEM1 Key is required to prevent unwanted regression - however if the OEM1 key is not configured, then the RDP level 1 to 0 regression is always allowed. To program the OEM key, the first step is to CM Choose Module for the target device's option bytes algorithm. Once the algorithm is loaded in PROG or selected for a SAP image, the CU Create/modify user options file command should be selected next to configure the respective OEM key. A new window will appear for configuring the user options file that will detail the option bytes for the respective device. Scroll towards the bottom of this window to find the OEM1KEY and OEM2KEY options. Configure the respective OEM1 and/or OEM2 Keys to the desired password(s) for enabling regression and save the options .OPT file. The next step is to select SU; specify the user option files and choose the recently created .OPT file. Then the PU; Program User Options command should be selected followed by the LO ;Launch Options user command to load the configuration. Note: The OEM keys cannot be verified as the register is always read as 0x0000'0000, so the VU; Verify user options is not neccessary unless other option bytes were also configured. Lastly, the RDP should be configured to the desired protection level with the RP read protection user command. When prompted to enter a level value, select either 0, 1, or 2 for the respective RDP levels. How to Regress the RDP level with the OEM Password: Depending on the current RDP level and target regression, the process is handled slightly differently. For both regressions of RDP level 2 -> RDP level 1 and RDP level 1 -> RDP level 0, the first step is always to configure the password in the security settings. On PROG, this is done in the connection manager under the "Security settings" option. Click "security settings" and enter the respective OEM Key password into the textbox. After selecting OK and closing the security settings, select the checkbox "Mass erase upon connection to target" since the regression erases. On Image Creation Utility, select the target device first and go to the "Power and Communication" tab to configure the Security settings. Select the checkbox and enter the password for the OEM key being regressed. Lastly, the "mass erase upon connection to target" checkbox also needs to be selected. For RDP level 2 to RDP level 1 regression, the only step required to complete the regression is to connect to the target or run this SAP image with the OEM password configured in security settings. Upon connecting, the RDP will be regressed to level 1 and the memory mass erased. For RDP level 1 to RDP level 0 regression, there is an additional step required after connecting. This is to simply set the RDP value back to level 0 and launch the option bytes. To do this, the user command UP Read Unprotect can be used followed by the LO launch option byte user command. Once the user command finished and the option bytes are loaded, the RDP level will be regressed to level 0 with the memory mass erased.
