Hi all,
I'm currently working on an stm32f4xx controller. I need to protect the flash memory, so I used RDP as stated below. It worked and the flash memory was not readable, but after that I was not able to re-program the flash using ULINK Pro or Ulink Me. Can you please suggest the best way to overcome this?
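FLASH_OBProgramInitTypeDef FLASH_RDP;   // option-byte programming descriptor

//HAL_FLASH_Unlock();
HAL_FLASH_OB_Unlock();                  // unlock the option-byte control register
FLASH_RDP.RDPLevel = OB_RDP_LEVEL_1;    // request read protection Level 1
FLASH_RDP.OptionType = OPTIONBYTE_RDP;  // program only the RDP option
HAL_FLASHEx_OBProgram(&FLASH_RDP);
HAL_FLASH_OB_Launch();                  // commit the new option bytes
HAL_FLASH_OB_Lock();
HAL_FLASH_Lock();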
Thanks.
Find "STM32F40xxx_41xxx_OPT.s" in Keil directory. Create project, add this file, set OptionBytes (in "creator" in .s file) and program it by ULink.
Hi, thanks for your input, we tried this already.
As RDP is set to level 1, the debug was limited and it's not allowing us to flash it again.
No one is talking about flashing (maybe because it's locked so useless for now). You ONLY have to write OptionBytes. It means - you have to program register value to specific location using ULink. To be honest... it's in Keil examples ;)
(everything for STM32F4xx!) Short version of .s file:
FLASH_OPTCR     EQU     0x0FFFAAEC

                AREA    |.ARM.__AT_0x1FFFC000|, CODE, READONLY
                DCD     FLASH_OPTCR

                AREA    RESET, DATA, READONLY
                END
Scatter file:
LR_IROM2 0x1FFF7800 0x00000210 {    ; load region size_region
  ER_IROM2 0x1FFF7800 0x00000210 {  ; load address = execution address
    *.o (RESET, +First)
  }
}
Also you have to select correct "Programming Algorithm" in ULink settings.
I have special projects to unlock devices in this way. This is for STM32F4: xyzyk.dyndns.org/.../OptionBytes_Clear_STM32F4xx.rar
Thanks, it did not work out.
As per app note: "When the read protection level 1 is activated, no access (read, erase, and program) to Flash memory or backup SRAM can be performed via debug features such as Serial Wire or JTAG, even while booting from SRAM or system memory bootloader"
We were flashing via the JTAG port using a Ulink pro debugger, hence it's not able to access flash memory.
So, as Clive1 said, use an ST-Link with the ST-Link Utility to clear the RDP.
You can probably also do that with a Segger JLink ...
Heh... "It is critically important that you are sharper than the people who might hack your device"
I gave you a working example. I'm using it so I'm sure it works. This text from the manual has nothing to do with OptionBytes (really, see NEXT page *1).
(*1) STM32F4xx Reference Manual: page 94 (3.7.3, "Table 17. Access versus read protection level") Access to Read/Write/Erase to "Main Flash Memory and Backup SRAM" in Level 1 is disabled. Next row: "Option Bytes" - in Level 1 you CAN Read/Write/Erase. If you cannot erase the OptionBytes, maybe you set Level 2.
Thanks for your help, it worked. The problem was with the programming algorithm; I hadn't selected the option bytes.
Hi,
Can you post the fixed programming algorithm?
This is a 3 year old thread, perhaps start a new one, with a better defined question?
RDP locks down the device, precluding external access to the FLASH.
Doing a Mass Erase, or changing the Option bytes, in effect causing such an erase, is the way to recover the device but not the content.
If you selected RDP 2 it is basically GAME OVER
If you have code in your system to LOCK the device, add complementary code to UNLOCK it. Yes it will erase itself, but might be less annoying than using third party tools and methods to clear the settings, especially if access is limited to reduce the attack surface.
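Added example, not part of the thread and not Keil or ST code: a host-side pre-flight check that decodes an option-byte word such as the 0x0FFFAAEC from the .s file above and rejects an image that would set the irreversible RDP Level 2. It assumes the STM32F405/407 FLASH_OPTCR layout (RDP in bits 15:8, nWRP in bits 27:16); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed FLASH_OPTCR layout (STM32F405/407 class); other F4 lines add bits. */
#define OPTCR_RDP(v)   (((v) >> 8) & 0xFFu)    /* read-protection byte */
#define OPTCR_NWRP(v)  (((v) >> 16) & 0xFFFu)  /* 1 = sector NOT write-protected */

enum rdp_level { RDP_LEVEL_0 = 0, RDP_LEVEL_1 = 1, RDP_LEVEL_2 = 2 };

/* 0xAA selects Level 0, 0xCC selects Level 2, any other byte means Level 1. */
enum rdp_level rdp_level_from_optcr(uint32_t optcr)
{
    uint32_t rdp = OPTCR_RDP(optcr);
    if (rdp == 0xAAu) return RDP_LEVEL_0;
    if (rdp == 0xCCu) return RDP_LEVEL_2;
    return RDP_LEVEL_1;
}

/* Returns 0 if the image may be programmed, -1 if it would set Level 2,
   after which neither the debugger nor firmware can change option bytes. */
int optcr_preflight(uint32_t optcr)
{
    return rdp_level_from_optcr(optcr) == RDP_LEVEL_2 ? -1 : 0;
}

/* Bitmask of sectors 0..11 that the image leaves write-protected. */
uint32_t optcr_write_protected_sectors(uint32_t optcr)
{
    return ~OPTCR_NWRP(optcr) & 0xFFFu;
}

int main(void)
{
    const uint32_t images[] = {
        0x0FFFAAECu,  /* value from the .s file in this thread */
        0x0FFF55ECu,  /* constructed sample: RDP byte 0x55 */
        0x0FFFCCECu,  /* constructed sample: RDP byte 0xCC */
    };
    for (size_t i = 0; i < sizeof images / sizeof images[0]; i++) {
        uint32_t v = images[i];
        printf("0x%08lX: RDP level %d, protected sectors 0x%03lX, %s\n",
               (unsigned long)v, (int)rdp_level_from_optcr(v),
               (unsigned long)optcr_write_protected_sectors(v),
               optcr_preflight(v) == 0 ? "ok to program" : "REFUSED");
    }
    return 0;
}
```

Running the same check in a build or production-programming script catches a Level 2 value before it reaches the part.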