Welcome to the first hands-on for firmware protection. The focus of this hands-on will be firmware confidentiality. In this hands-on, we're going to build a very simple application and we will program the binary to the board. After that, we will connect to the board using STM32CubeProgrammer and try to read the firmware content from internal flash. And next, we will set RDP to level one and try to read the user flash content again. At the end, we will make an RDP level regression from 1 to 0 and see the behavior. We will also make a very minor modification of the application and program the new version of the application to the board.

The hardware board to be used for this hands-on will be the G071RB Nucleo board. And apart from that, you will also need to prepare some tools and software. For example, you need to download the hands-on package corresponding to this hands-on. We have some pre-created projects. You don't have to do everything from scratch. And we will also use STM32CubeProgrammer. In terms of IDE, it's OK to use any of the three listed here: IAR, Keil, CubeIDE. We will also need a terminal tool on the PC to get the print messages from the board. On my side, I will be using Tera Term. For you, you can use any terminal tool on the PC as long as it works.

If you have downloaded the hands-on package, you should be able to see some project zip files. And the one that we are going to use for this hands-on will be this one, g0app.zip. You can just unzip this project file. And then you will get all the necessary files for the project and you can just build from there. If you have everything ready, then we can start.

OK, this is the first hands-on for firmware protection. We're going to use some projects that have been created previously so that you don't need to do everything from scratch. So for this hands-on, if you have downloaded the hands-on package, you should be able to find several zip files for different projects. So for this one, we're going to use this one.
If you unzip those files, you should see something like this. And then for this first hands-on, we're going to use the g0app project. So here, in this folder, you will see three projects. It's actually the same project, but using different IDEs. So you can choose the one that you like or the one that you have. OK, so just open the project and do a compilation. You can do it on your side.

We can take a look at the source code and see what it's doing. This is actually a very simple application. The project is generated from CubeMX. So in this folder, you can also see the CubeMX project file. If you wish, you can also open this file and go inside to see what is there. Basically, I created this project using CubeMX, chose the G071RB Nucleo board, and kept all the default configuration for all the peripherals. So it will generate the base of the project. The only modification I made is the clock frequency. So I changed the clock frequency to make it run at the highest speed for this chipset. OK, that's it. So it will generate the main code, the BSP, driver initialization code, and so on.

On top of that, I just added a few more lines. Here is the COM init to initialize the UART port for the print messages, and then two function calls for initialization of the application and the running of the application. So this application is also very simple. The initialization is just a GPIO initialization for LED4, because we're going to do a GPIO toggle at the end. And in the APP run function, there is a function call to a test. We are not going to use that test right now, but this will be used later on in the bootloader hands-on. So anyway, you can ignore that. There will be some print messages coming from this test as well. And after that, it's just an endless loop doing the LED blinking. That's it.

So if you have compiled the software, you can just download it to your board. I assume that you have a G071RB Nucleo board on hand.
And so before programming to the board, let's connect to it and make sure we have it ready. Let's check the option bytes. Make sure you're in RDP level zero and we remove all the protections. No securable memory, okay. No write protection, no PCROP, okay. So now we have the correct option bytes. Then we do a full chip erase, okay. Then we have a clean board right now.

Then you can download the binary either from the IDE or from CubeProgrammer. Both should be fine. So after programming, we can connect to the board through Tera Term just to get the print messages coming out of the board. And then we do a reset. So now you can see some messages printed from the application. Right now, you don't see any LED blinking. That is because this test function didn't return yet. You can press X to exit from the test menu. Then LED blinking will start.

Okay, then the next practice we're going to do is to set the RDP level to one. So we will do it in CubeProgrammer. Before doing that, let's just take a look at the flash content. So right now, if I do a read of the flash starting from the base address of internal user flash, I can read the content. If you make it bigger, you can also read more. You can actually read the full firmware binary from the flash.

Then let's change it to level one. But be careful, don't choose CC here. Make sure you just choose BB, because CC means level two. And you know that level two means JTAG is closed. So you will not be able to connect to your board anymore. So if you don't have software that is able to update your software, you have a dead board; you will not be able to connect to it anymore. You cannot upgrade. You cannot change the firmware on the flash anymore. So be careful, don't choose that. Choose BB, apply. Okay, let's disconnect and connect again. Now you will see an error message saying that data read failed.
That's normal, that's expected, because that's the purpose of RDP level one. So in this case, you will not be able to read the internal flash content anymore. Actually, you will not be able to erase the content from the JTAG port either. For example, if I try to do a sector erase here, there will be an error. Or if I want to do a full chip erase, that's also not possible.

Okay, so now at this moment, say I want to change the software on the flash, I want to make a new version. For example, I can comment out just this line and make a build again. So if I want to download this new version of firmware, the first thing I need to do is an RDP regression from level one to level zero. So you can do it using the programmer again. Now we can read the flash content again, but you can notice that all the firmware that we previously programmed to the flash is gone. It disappeared, because RDP level one to level zero regression will also trigger a mass erase. So the full user flash space will be cleared.

Okay, but now we are able to download another version of the software. Okay, let's do it. We can download this new firmware, assuming this is a new version. And then we can reset the board and see the print messages. Okay, we reset the board. Then you can see the print message is a little bit different than before. There's no more test menu from the application and LED4 is blinking right away. So if you do a reset, see, okay.

So now you know how RDP level one, and maybe two also, can be used to protect your firmware on the flash from any access from the debug port, and how you can do an RDP regression from one to zero. And then you can program another version of the firmware to your board.

Let's do a recap of this hands-on. So in this hands-on, you have seen how we can use RDP to protect the firmware confidentiality and what the effect is when RDP is set to level one.
What is needed if a new version of firmware needs to be programmed to the chip when RDP is already set to level one, and how to do RDP level regression from level one to level zero.
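
The RDP transitions walked through above, as an added example (not code from the hands-on package): a small C check that a programming script or a boot-time self-test could use to decode the RDP byte and flag what a requested change will do before it is applied. The byte values 0xBB and 0xCC come from the walkthrough; 0xAA for level 0, "any other value means level 1", the RDP byte sitting in the low 8 bits of the option register, and all function and enum names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* 0xBB (level 1) and 0xCC (level 2) are the values named in the hands-on.
 * Assumptions: 0xAA is level 0, any other byte also means level 1, and the
 * RDP byte is the low 8 bits of the option register value. */
#define RDP_BYTE_L0 0xAAu
#define RDP_BYTE_L2 0xCCu

typedef enum { RDP_L0 = 0, RDP_L1 = 1, RDP_L2 = 2 } rdp_level_t;

typedef enum {
    RDP_NO_CHANGE,     /* same level requested */
    RDP_PROTECT,       /* 0 -> 1: debug-port reads of user flash fail */
    RDP_MASS_ERASE,    /* 1 -> 0: regression wipes the whole user flash */
    RDP_IRREVERSIBLE,  /* 0/1 -> 2: debug port closed, cannot connect again */
    RDP_LOCKED         /* already level 2: nothing can be changed over debug */
} rdp_effect_t;

rdp_level_t rdp_level(uint32_t optr)
{
    uint8_t rdp = (uint8_t)(optr & 0xFFu);
    if (rdp == RDP_BYTE_L0) return RDP_L0;
    if (rdp == RDP_BYTE_L2) return RDP_L2;
    return RDP_L1;                      /* 0xBB and every other value */
}

/* Effect of writing new_rdp_byte while the device reports current_optr. */
rdp_effect_t rdp_effect(uint32_t current_optr, uint8_t new_rdp_byte)
{
    rdp_level_t from = rdp_level(current_optr);
    rdp_level_t to = rdp_level(new_rdp_byte);
    if (from == RDP_L2) return RDP_LOCKED;
    if (to == RDP_L2) return RDP_IRREVERSIBLE;
    if (from == to) return RDP_NO_CHANGE;
    return (to == RDP_L0) ? RDP_MASS_ERASE : RDP_PROTECT;
}

int main(void)
{
    /* Constructed option register values, not read from a real board. */
    const uint32_t samples[] = { 0xFFFFFEAAu, 0xFFFFFEBBu, 0xFFFFFE12u };
    for (unsigned i = 0; i < 3; i++)
        printf("OPTR=0x%08lX level=%d, writing 0xCC -> effect %d\n",
               (unsigned long)samples[i], (int)rdp_level(samples[i]),
               (int)rdp_effect(samples[i], 0xCCu));
    return 0;
}
```

A production flashing script can refuse to continue on `RDP_IRREVERSIBLE` unless that was explicitly requested, and ask for confirmation on `RDP_MASS_ERASE`.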