RDP for STM32U3

1. RDP level management

The STM32U3 silicon device life cycle is based on the RDP mechanism implemented for the flash interface, as specified in the STM32U3 reference manual (RM0487[1], section 3.10.1 Life cycle management with readout protection (RDP)).

| RDP protection level | Debug | Comments |
|---|---|---|
| Level 0: device open | Secure and nonsecure | Boot address must target a secure area when Arm® TrustZone® is enabled (secure SRAM, secure flash memory, or Root Security Services in system flash memory). Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options. |
| Level 0.5(1): device partially closed | Nonsecure only | Boot address must target a secure area when TrustZone is enabled (secure user or system flash memory). Boot on SRAM is not permitted. Access to nonsecure flash memory is allowed when debug is connected. Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options. |
| Level 1: device memories protected | Nonsecure only (conditioned) | Boot address must target the secure user flash memory. Accesses to nonsecure flash memory, encrypted flash memory, SRAM2, and backup registers are not allowed when debug is connected. Both OEM1 and OEM2 unlocking keys can be provisioned in the flash memory user options. |
| Level 2: device closed | None | The boot address must target the user flash memory. The flash memory user option bytes are read-only, so RDP level 2 cannot be changed, unless the OEM2 unlocking key is activated. |

(1) Only applicable when TrustZone security is activated in the product.

The figure below illustrates the level transitions:

STM32U3 RDP level management

As shown in the previous figure, the regressions can be conditioned on dedicated 128-bit password keys, if provisioned by the OEM. Refer to the RDP password regression section below. Moreover, a regression erases the user flash memory, either partially or fully.

During the regression from RDP level 1 to RDP level 0.5, only nonsecure embedded flash memory is erased. This keeps functional elements such as the secure boot and the secure firmware update.

During the regression from RDP level 1 to RDP level 0, the full embedded flash memory is erased. In all regressions from level 1, the OTP area of the flash memory is kept, while all SRAMs and the targeted device secrets are erased. Hence, no secrets must be stored in the OTP, since its contents are revealed after a regression to RDP level 0.

The regression from RDP level 2 to 1 does not erase the application code, nor does it change the RDP level 1 protections in place.

2. RDP password regression

Two 128-bit passwords (OEM1KEY and OEM2KEY) can be defined in order to lock the RDP regressions. When OEM1KEY (resp. OEM2KEY) is provisioned, the OEM1LOCK (resp. OEM2LOCK) is set.

The OEM2 RDP lock mechanism is active when the OEM2LOCK bit is set. It allows the following actions:

  • Block RDP level 1 to RDP level 0.5 regression.
  • Authorize RDP level 2 to RDP level 1 regression.

When the lock mechanism is not activated (OEM2LOCK = 0), the following happens:

  • The regression from RDP level 1 to RDP level 0.5 is always granted.
  • The regression from RDP level 2 to RDP level 1 is never granted.

The OEM1 RDP lock mechanism is active when the OEM1LOCK bit is set. It blocks the RDP level 1 to RDP level 0 regression. When the lock mechanism is not activated (OEM1LOCK = 0), the regression from RDP level 1 to RDP level 0 is always granted.

Caution: Once set, the OEM key mechanism for RDP transitions cannot be disabled. This means that the OEM keys can be modified, but never cleared.

The use of the two OEM passwords is further described in the tables below:

OEM1 password options

| OEM1LOCK | Initial RDP level | RDP regression |
|---|---|---|
| 1 | 1 | Regression to level 0 possible only through OEM1 unlock sequence. |
| 0 | 1 | Regression to level 0 always granted. |

OEM2 password options

| OEM2LOCK | Initial RDP level | RDP regression |
|---|---|---|
| 1 | 1 | Regression to level 0.5 possible only through OEM2 unlock sequence. |
| 1 | 2 | Automatic regression to level 1 triggered upon successful OEM2 unlock sequence. |
| 0 | 1 | Regression to level 0.5 always granted. |
| 0 | 2 | Regression to level 1 never granted. RDP remains a permanent state. |

For more information on the RDP regression with the OEM key, refer to the STM32U3 reference manual (RM0487[1], section 7.6.2 Readout protection (RDP)).
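As an added illustration (not code from this page or from ST), the following C model encodes the regression rules of sections 1 and 2: which regression a given OEM1LOCK/OEM2LOCK configuration grants, and what each granted regression erases. The enum and function names are hypothetical, and only the transitions described on this page are modeled.

```c
#include <stdbool.h>
#include <stdio.h>

/* RDP levels named on this page; level 0.5 is RDP_L0_5. */
typedef enum { RDP_L0, RDP_L0_5, RDP_L1, RDP_L2 } rdp_level_t;

/* Outcome of a requested regression (hypothetical model, not an ST API). */
typedef enum {
    RDP_DENIED = -1,        /* regression not granted */
    RDP_GRANTED_NO_ERASE,   /* 2 -> 1: code kept, level 1 protections unchanged */
    RDP_GRANTED_ERASE_NS,   /* 1 -> 0.5: only nonsecure flash erased */
    RDP_GRANTED_ERASE_FULL  /* 1 -> 0: full flash erased; OTP kept, so OTP is exposed */
} rdp_result_t;
/* Apply the OEM1LOCK/OEM2LOCK rules of section 2 to one regression request.
 * oem1_ok / oem2_ok mean the corresponding unlock sequence succeeded. */
rdp_result_t rdp_regression(rdp_level_t from, rdp_level_t to,
                            bool oem1lock, bool oem2lock,
                            bool oem1_ok, bool oem2_ok)
{
    if (from == RDP_L1 && to == RDP_L0) {
        /* OEM1LOCK blocks 1 -> 0 unless the OEM1 unlock sequence was presented. */
        if (oem1lock && !oem1_ok) return RDP_DENIED;
        return RDP_GRANTED_ERASE_FULL;
    }
    if (from == RDP_L1 && to == RDP_L0_5) {
        /* OEM2LOCK blocks 1 -> 0.5 unless the OEM2 unlock sequence was presented. */
        if (oem2lock && !oem2_ok) return RDP_DENIED;
        return RDP_GRANTED_ERASE_NS;
    }
    if (from == RDP_L2 && to == RDP_L1) {
        /* Never granted with OEM2LOCK clear; with it set, only via the OEM2 unlock sequence. */
        return (oem2lock && oem2_ok) ? RDP_GRANTED_NO_ERASE : RDP_DENIED;
    }
    return RDP_DENIED; /* transitions this page does not describe are not modeled */
}

int main(void)
{
    static const char *out[] = { "denied", "granted, no erase",
        "granted, nonsecure flash erased", "granted, full flash erased (OTP kept)" };
    for (int locks = 0; locks < 4; locks++) {
        bool l1 = locks & 1, l2 = locks & 2;
        printf("OEM1LOCK=%d OEM2LOCK=%d, no unlock sequence presented:\n", l1, l2);
        printf("  1 -> 0  : %s\n", out[rdp_regression(RDP_L1, RDP_L0,   l1, l2, false, false) + 1]);
        printf("  1 -> 0.5: %s\n", out[rdp_regression(RDP_L1, RDP_L0_5, l1, l2, false, false) + 1]);
        printf("  2 -> 1  : %s\n", out[rdp_regression(RDP_L2, RDP_L1,   l1, l2, false, false) + 1]);
    }
    return 0;
}
```

The printed matrix makes the trade-off visible: provisioning OEM2KEY is what both blocks the 1 to 0.5 regression and makes the 2 to 1 regression possible at all.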

3. References

  1. RM0487, STM32U3 reference manual