How to read protect STM32 microcontrollers

-

Pretty much all that is needed to enable RDP (read protection) is to enable level 1 of the protection by writing values between 0xAA - 0xCC to a specific register.  


If you are using the STM32 HAL library you can check my integration as part of the function FlashAdapter_setReadProtection and function ActivateProtection.
bool
FlashAdapter_setReadProtection(bool enable) {
bool success = false;
#ifdef STM32H7xx
FLASH_OBProgramInitTypeDef ob_sturct = {0};
HAL_StatusTypeDef status = HAL_ERROR;
HAL_FLASHEx_OBGetConfig(&ob_sturct);
if (enable && ob_sturct.RDPLevel == OB_RDP_LEVEL_0) {
ob_sturct.RDPLevel = OB_RDP_LEVEL_1;
status = ActivateProtection(&ob_sturct, 0, 0);
} else {
ob_sturct.RDPLevel = OB_RDP_LEVEL_0;
status = ActivateProtection(&ob_sturct, 0, 0);
}
if (status == HAL_OK) {
success = true;
}
#endif //STM32H7xx
return success;
}
view raw FlashAdapter_setReadProtection.c hosted with ❤ by GitHub
HAL_StatusTypeDef
ActivateProtection(FLASH_OBProgramInitTypeDef* ob_sturct, uint32_t protect_address_start, uint32_t protect_address_end) {
HAL_StatusTypeDef status = HAL_ERROR;
#ifdef STM32H7xx
/* Bank 1 */
ob_sturct->Banks = FLASH_BANK_1;
ob_sturct->PCROPConfig = OB_PCROP_RDP_ERASE;
ob_sturct->PCROPStartAddr = protect_address_start;
ob_sturct->PCROPEndAddr = protect_address_end;
status = HAL_FLASH_Unlock();
status |= HAL_FLASH_OB_Unlock();
if (status == HAL_OK) {
status = HAL_FLASHEx_OBProgram(ob_sturct);
}
if (status == HAL_OK) {
status = HAL_FLASH_OB_Launch();
}
if (status == HAL_OK) {
HAL_FLASH_OB_Lock();
}
#endif //STM32H7xx
return status;
}
view raw ActivateProtection.c hosted with ❤ by GitHub
After enabling RDP level 1 the whole flash will be read-protected. Once you decide to disable it the whole flash will be wiped out and no one will be able to read your binary.


This is now part of the IMBootlaoder code.
Once when you enable RDP protection all code is protected. The cool thing you can still update your firmware code by using the IMFlahser application, without disabling RDP

You can ignore PCROP (Proprietary code readout protection). It is a cool feature that SMT32 also has, but I'll cover this in some future posts. 

Comments

Post a Comment

Popular posts from this blog

AUTOSAR and CRC calculation

-
Image
If you find yourself reading AUTOSAR document Specification of CRC Routines you are probably looking for a solution on how to implement it in your code. This is short instruction without explaining how CRC works. It includes working CRC code with examples from the mentioned documentation. Explanation of CRC8 CRC 8 it means, the polynomial of CRC is 8 bit long.  Explaining chapter 7.2.1: CRC result width - it is the return value, it says it is 8 bits long Polynomial - this value is used to calculate CRC. In this case, it is 0x1D Initial value - CRC calculation start with this value. It is usually all F's or zeros.  Input data reflection - it says if the data which you want to do CRC need to be reflected or not. Example of data reflection: hex: 0x73 or binary: 1110011, reflected value is: 1100111 or hex 0x67 Result data reflected - same as input data, but the only result is reflected XOR value - result value need to be XOR-ed with this value before...
Read more

Flashing/debugging/running code at external memory in the memory-mapped mode

-
Image
  STM32 microcontrollers have special capabilities running code directly from external flash. To make it possible STM32 made a special set of instructions called memory-mapped mode where the microcontroller is reading instructions from the external flash. Since to read data from an external flash can take some time there is QSPI protocol witch basically four wires used as SPI MISO (Master Input Slave Output) to make throughput 4x time faster than classical SPI.   Figure 1 - Illustration of STM32H750 connected to W25Q128JV 
Read more

PX4 development - building, flashing and debugging with debugger (like a PRO)

-
Image
 This is the next tutorial that brings a bit more expertise into PX4 Autopilot debugging from an embedded software developer perspective. It will explain how to use J-Link debugger to debug PX4 Autopilot code in Eclipse IDE. If you didn't already see the previous tutorial, please go there, first phase of PREPARING is mandatory to be done so we can continue here. Link to previous tutorial: https://igor-misic.blogspot.com/2022/06/px4-development-building-flashing-and.html Everything in this tutorial is tested and reproduced at Kubuntu 22.04 LTS (It works the same for Ubuntu as well).
Read more