
Embedded Flash memory (FLASH)
RM0453 Rev 2
The system memory area is read accessible whatever the protection level. It is never
accessible for program/erase operation.
Level 0: no protection
Read, program and erase operations into the main Flash memory area are possible. The
option bytes, SRAM2 and backup registers are also accessible by all operations.
Level 1: readout protection
This is the default protection level when the RDP option byte is erased. It also applies
when the RDP value is anything other than 0xAA or 0xCC, and even when the
complement is not correct.
• User mode
The code executing in user mode (Boot Flash) can access the main Flash memory,
option bytes, SRAM2 and backup registers with all operations.
• Debug, boot RAM and bootloader and SFI/RSS modes
In debug mode or when the code is running from boot RAM or bootloader or SFI/RSS,
the main Flash memory, backup registers (RTC_BKPxR in the RTC) and SRAM2 are
totally inaccessible. In these modes, a read or write access to the Flash memory
generates a bus error and a hard fault interrupt.
Caution:
When level 1 is configured and no PCROP areas are defined, it is mandatory to set the
PCROP_RDP bit to 1 (full mass erase when the RDP level is decreased from level 1 to
level 0). When level 1 is configured and a PCROP area is defined, user code that
needs to be protected by RDP but not by PCROP must not be placed in a page containing
a PCROP area.
Level 2: no debug
In this level, the level 1 protection is guaranteed. In addition, the CPU1 and CPU2 debug
ports, boot from RAM (boot RAM mode) and boot from system memory (bootloader
mode) are no longer available. Boot in SFI/RSS mode is still possible. When not needed, this
can be disabled by locking CPU2 boot in C2BOOT_LOCK. In user execution mode (boot
FLASH mode), all operations are allowed on the main Flash memory. By contrast, only
read and secure write operations can be performed on the option bytes. Option bytes can
only be programmed and erased by a secure CPU2.
When the system is non-secure (ESE = 0), level 2 cannot be removed at all. It is an
irreversible operation. When attempting to modify the option bytes, the protection error flag
WRPERR is set in FLASH_SR and FLASH_C2SR, and an interrupt can be generated.
Note:
The debug feature is also disabled under reset.
STMicroelectronics is not able to perform analysis on defective parts on which the level 2
protection has been set and the system is non-secure (ESE = 0).
Change the readout protection level
It is easy to move from level 0 to level 1 by changing the value of the RDP byte to any value
(except 0xCC). By programming the 0xCC value in the RDP byte, it is possible to go to
level 2 directly from level 0 or from level 1. Once in level 2 with a non-secure system
(ESE = 0), it is no longer possible to modify the readout protection level.
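The following C example is added here and is not taken from RM0453 or from ST code. It decodes the protection level from the RDP byte and its complement as described above, then flags the configuration points this section warns about. The struct, function and finding names are hypothetical, and how the option values are read from the device is left to the caller.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { RDP_LEVEL_0, RDP_LEVEL_1, RDP_LEVEL_2 } rdp_level_t;

/* Hypothetical snapshot of the option settings named in this section. */
typedef struct {
    uint8_t rdp, nrdp;   /* RDP option byte and its stored complement */
    bool ese;            /* ESE: true when the system is secure */
    bool pcrop_rdp;      /* PCROP_RDP bit */
    bool pcrop_area;     /* true if at least one PCROP area is defined */
    bool c2boot_lock;    /* true if CPU2 boot is locked (C2BOOT_LOCK) */
} opt_snapshot_t;

enum { /* audit findings, OR-ed together */
    F_NO_PROTECTION   = 1u << 0, /* level 0: debug and readout are open */
    F_BAD_COMPLEMENT  = 1u << 1, /* level 1 by fallback, not by intent */
    F_PCROP_RDP_CLEAR = 1u << 2, /* level 1, no PCROP area, PCROP_RDP = 0 */
    F_L2_IRREVERSIBLE = 1u << 3, /* level 2 with ESE = 0 cannot be removed */
    F_SFI_BOOT_OPEN   = 1u << 4, /* level 2, CPU2 boot not locked */
};

/* 0xAA -> level 0, 0xCC -> level 2, anything else or a bad complement -> level 1. */
rdp_level_t rdp_decode(uint8_t rdp, uint8_t nrdp)
{
    if ((uint8_t)~rdp != nrdp) return RDP_LEVEL_1;
    if (rdp == 0xAA) return RDP_LEVEL_0;
    if (rdp == 0xCC) return RDP_LEVEL_2;
    return RDP_LEVEL_1;
}

unsigned rdp_audit(const opt_snapshot_t *o)
{
    rdp_level_t lvl = rdp_decode(o->rdp, o->nrdp);
    unsigned f = 0;
    if ((uint8_t)~o->rdp != o->nrdp) f |= F_BAD_COMPLEMENT;
    if (lvl == RDP_LEVEL_0) f |= F_NO_PROTECTION;
    if (lvl == RDP_LEVEL_1 && !o->pcrop_area && !o->pcrop_rdp) f |= F_PCROP_RDP_CLEAR;
    if (lvl == RDP_LEVEL_2 && !o->ese) f |= F_L2_IRREVERSIBLE;
    if (lvl == RDP_LEVEL_2 && !o->c2boot_lock) f |= F_SFI_BOOT_OPEN;
    return f;
}

int main(void)
{
    opt_snapshot_t s = { 0xBB, 0x44, false, false, false, false }; /* constructed sample */
    printf("level=%d findings=0x%02x\n", (int)rdp_decode(s.rdp, s.nrdp), rdp_audit(&s));
    return 0;
}
```

Running such a check against the intended option values before programming them is most useful for the 0xCC case, since that change cannot be undone on a non-secure system.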
When the RDP is reprogrammed to the value 0xAA to move from level 1 to level 0, a mass
erase of the main Flash memory is performed if PCROP_RDP is set in