How to read protect STM32 microcontrollers

-

Pretty much all that is needed to enable RDP (read protection) is to enable level 1 of the protection by writing values between 0xAA - 0xCC to a specific register.  


If you are using the STM32 HAL library you can check my integration as part of the function FlashAdapter_setReadProtection and function ActivateProtection. After enabling RDP level 1 the whole flash will be read-protected. Once you decide to disable it the whole flash will be wiped out and no one will be able to read your binary.


This is now part of the IMBootlaoder code.
Once when you enable RDP protection all code is protected. The cool thing you can still update your firmware code by using the IMFlahser application, without disabling RDP

You can ignore PCROP (Proprietary code readout protection). It is a cool feature that SMT32 also has, but I'll cover this in some future posts. 

Comments

Post a Comment

Popular posts from this blog

AUTOSAR and CRC calculation

-
Image
If you find yourself reading AUTOSAR document Specification of CRC Routines you are probably looking for a solution on how to implement it in your code. This is short instruction without explaining how CRC works. It includes working CRC code with examples from the mentioned documentation. Explanation of CRC8 CRC 8 it means, the polynomial of CRC is 8 bit long.  Explaining chapter 7.2.1: CRC result width - it is the return value, it says it is 8 bits long Polynomial - this value is used to calculate CRC. In this case, it is 0x1D Initial value - CRC calculation start with this value. It is usually all F's or zeros.  Input data reflection - it says if the data which you want to do CRC need to be reflected or not. Example of data reflection: hex: 0x73 or binary: 1110011, reflected value is: 1100111 or hex 0x67 Result data reflected - same as input data, but the only result is reflected XOR value - result value need to be XOR-ed with this value before...
Read more

Flashing/debugging/running code at external memory in the memory-mapped mode

-
Image
  STM32 microcontrollers have special capabilities running code directly from external flash. To make it possible STM32 made a special set of instructions called memory-mapped mode where the microcontroller is reading instructions from the external flash. Since to read data from an external flash can take some time there is QSPI protocol witch basically four wires used as SPI MISO (Master Input Slave Output) to make throughput 4x time faster than classical SPI.   Figure 1 - Illustration of STM32H750 connected to W25Q128JV 
Read more

PX4 development - building, flashing and debugging without debugger (Arduino developers style)

-
Image
 This is a short tutorial that will explain how to build PX4 Autopilot, flash and debug it at the PX4 FMU (Flight Management Unit) without a debugger. Everything in this tutorial is tested and reproduced at Kubuntu 22.04 LTS (It works the same for Ubuntu as well). Preparation Let's start with cloning PX4 Autopilot > git clone https://github.com/PX4/PX4-Autopilot.git After the repository is cloned make sure you initialize all submodules. You would like to keep using this GIT commands when you jump between branches in PX4, otherwise, you can experience issues like missing modules while building. > cd PX4-Autopilot > git submodule sync > git submodule update --init --recursive And that is it we are almost ready to build our PX4 firmware. You need to know what board (FMU) you possess. Let's guess you have Pixracer. Pixracer is fmu-v4 board. Figure 1 - px4_fmu-v4 board source tree
Read more