It seems the flash programming algorithm is a piece of code that is downloaded into the SRAM and executes from there.
But how does it get started if there is nothing yet in the vector table at 0? If the flash is erased then everything in the vector table at zero will be 0xFFFFFFFF, so how does it start executing the algorithm in RAM? (which is at 0x20000000 for example)
I want to know because I want to be able to boot from RAM as well.
Mine doesn't have that BOOT0/1 feature
But going back to the original question. None of these answers explain how a vanilla M3 microcontroller is first flashed. Initially the flash is all F's. To attach JTAG and fiddle with the PC to make it point to the flash programming algorithm downloaded in SRAM you have to first take it out of reset. But by then it has already started executing the erased flash, so it fetches a stack pointer of FFFFFFFF and a reset vector of FFFFFFFF both of which will probably make it go off in the weeds. Now maybe the debugger can use JTAG to recover from the fault but this seems a very messy way of doing the most fundamental thing to start using a flash-based M3.
Starting a device via JTAG is a messy process. If the processor is starting from a blank flash it's going to fault very quickly. Code can be injected into RAM, PC/SP set up, breakpoints/watchpoints set, it doesn't need to be reset again. JTAG can modify the internal state of the processor.
Most devices have an Internal ROM which can be mapped at zero.
-> Mine doesn't have that BOOT0/1 feature <-
What M3 MCU do you use?
It's an M3 embedded in a much larger ASIC, not a stand-alone MCU chip