 Hello and welcome to this presentation of the STM32 System Memories Protection. It will cover the different means for protecting code and or data from external and or internal attacks. Software providers may need to protect their software intellectual property from malicious users or from intrusive attacks. For this purpose, STM32L5 microcontrollers provide several features for protecting code and or data located in either flash memory, SRAM2, or backup registers. These features can prevent the reading or writing of code and or data through the JTAG debugger, end user code, or SRAM Trojan code. In addition to these static memory protections, STM32L5 introduces the support of TrustZone M technology that provides runtime protections between secure and non-secure applications. This slide summarizes the protection mechanisms available in STM32L5. TrustZone M provides runtime protection between secure and non-secure domains. Secure hide protection area, or HDP, is an additional protection level within secure domain that enables the implementation of a secure boot application, for example. Readout protection, or RDP, is a global flash memory protection against external access through the JTAG. And write protection, or WRP, prevents accidental or malicious write-erase operations. All these protections are configurable via the STM32L5 option bytes. Let's take a closer look at the details of the TrustZone M technology. ARM V8M architecture introduces the TrustZone M technology that allows the split of firmware in secure and non-secure domains at runtime level. Switching from one domain to the other is done with few cycle penalties. As an example, secure domain may provide secure services based on cryptography to the user application running in non-secure domain. TrustZone is a system level protection relying on Cortex M33 core, AHB5 bus architecture, and some dedicated hardware blocks. TrustZone technology is compatible with Thread and Handler execution modes. In ARM V6 and ARM V7, two execution modes were supported. In ARM V8M, four execution modes are now available. Thread and Handler modes support privileged non-privileged access to memory mapped resources. Privilege attribute, as secure attribute, is propagated at system level through bus architecture. Hence, it is possible to consider four security levels for different parts of firmware, from secure privilege level to non-secure non-privilege level. With TrustZone technology, two domains coexist at runtime. There are two firmware, one per domain with their own vector tables. At boot, when TrustZone is enabled, the system starts in secure state. Secure firmware can access the whole memory mapped resources from either secure and non-secure domain. Non-secure firmware can only access to non-secure resources. Non-secure firmware can access to secure services only through a specific call gate entry point stored in non-secure callable or NSC areas. TrustZone security is optional and can be activated with an option byte. Once set, the flash is fully secure. Further split between secure and non-secure domain is defined by secure firmware through the configuration of secure attribute unit or SAU and other watermarks registers. Deactivation of TrustZone can only be done during the RDP level regression from level 1 to level 0 with a flash mass erase. Let's take a closer look at the secure hide protection feature. Secure hide protection or HDP is an additional protection mechanism within the TrustZone secure domain. It allows the development of secure application running only once after reset before jumping to user secure application. A typical use case is to provide a secure boot application isolated from the rest of the main application, secure and non-secure. The code embedded in HDP is executed first. At the end of its execution, it jumps to secure user application. The code and data protected can no longer be accessed until the next system reset. Let's take a closer look at the details of the readout protection feature. The STM32L5 readout protection feature offers four levels of protection for all SRAM2 and flash memory as well as the backup registers. Level 0 means no protection. This is the factory default. Read, write and erase operations are permitted in the SRAM2 and flash memory as well as the backup registers. Option bytes are changeable in level 0. Level 0.5 is an additional protection level associated with TrustZone. RDP 0.5 is available only when TrustZone is enabled. Debug of secure domain is forbidden. Only non-secure domain can be accessed for debug. Level 1 ensures total read protection of the chip's memories which includes the flash memory and the backup registers as well as a new feature to the STM32 family, the SRAM2 content. Whenever a debugger access is detected or boot mode is not set to a flash memory area, any access to the flash memory, the backup registers or to the SRAM2 generates a system hard fault which blocks all code execution until the next power-on reset. Please note that option bytes can still be modified in level 1. Level 2 provides the same protection features for the SRAM2, flash memory and backup registers as described for level 1. However, there are two major differences. One, the JTAG SWD debugger connection is disabled even at the ST factory to ensure that there are no backdoors. And two, RDP WRP option bytes can no longer be changed as well as all the other option bytes. RDP level regression is only possible in levels 1 and 0.5. Level 2 is permanent and cannot be modified. Regression from level 1 or level 0.5 to level 0 triggers a flash mass erase as well as backup registers and all SRAMs. Regression from level 1 to level 0.5 when trust zone is enabled triggers an erase of the non-secure domain. Backup registers and SRAMs are fully erased. This slide is a summary of RDP level transitions when trust zone is not enabled. This is the traditional scheme active in all STM32 products based on ARM V6 and ARM V7 architectures. This slide is a summary of RDP level transitions when trust zone is enabled. In addition to levels 0, 1 and 2, there is a 0.5 level for secure only protection against external access. This table summarizes the different types of access authorized when trust zone is not enabled for the different memory types according to the readout protection or RDP level, configured boot mode and debug access as previously discussed. This table summarizes the different types of access authorized when trust zone is enabled for the flash memory and the option bytes according to the readout protection or RDP level, configured boot mode and debug access. This table summarizes the different types of access authorized when trust zone is enabled for the OTP, the backup registers, SRAM 2 and external memory according to the readout protection or RDP level, configured boot mode and debug access. Now let's take a closer look at the details of the write protection settings of the STM32L5. The flash memory write protection mechanism is designed to prevent unwanted write access to defined areas in flash memory, such as the bootloader or calibration constants that do not change. The write protection areas are defined through the option bytes. The user can define up to four different write protection flash memory areas independently, two per bank. Each of the four flash memory areas are defined by a start and end address with a page granularity, four kilobytes. The size of the write areas can be modified whenever the RDP level is not set to level two. Erase operations are treated as write operations on write protected areas, meaning they are not allowed. In addition to this training, you may find these three modules useful.