 Redirect protection. Redirect protection is a global flash memory protection allowing the embedded firmware code to be protected against copy, reverse engineering, deping using debugging tools or call injection in SRAM. What is intense? I can just sum up to say that you protect the flash contents from being accessed thanks debugging link or SRAM with code injection. So, RDP applies to all STM32 to protect the main flash memory and also the option byte modification, but this is only on level 2. I will discuss the different RDP level after. Depending on the STM32 series, we've got additional protection. For the backup registers, for example, from the backup SRAM, the SRAM2 and sometimes also the CCM SRAM, this is particular to the G4. Details should be checked in the reference manual for sure. Most of the SCM32 have three levels of readout protection, level 0, level 1, level 2. On the STM32 F1, we only have one level of RDP. On the L5, we've got an additional level which is associated with trace zone. I will cover this level in the trace zone part. Let's see the different levels. First, the readout protection, level 0. That means no protection at all. This is factory D4. That means when you receive a chip, it is in a readout protection, level 0. So here, I would say everything is possible. You can read, write, erase, on flash memory or the SRAM on the backup registers. Option byte is always possible. Your device is open. Let's move to the next level. If I switch to the level 1, two cases. First, if the boot mode is user flash, that means I don't use the embedded boot loaders. And if there is no debugging access, then I can read, write, it's possible on the flash memory, on SRAM and backup registers. This means the core can do this. Option byte can build change. So the change of the option byte is still possible via the embedded boot loaders. But thanks to the embedded boot loaders, you won't manage to access the flash. So this is the second case. If you are booting from the embedded boot loaders, that means you are not in the user flash, or if the debugger is activated, then read, write, erase to the flash memory, SRAM and backup registers are blocked. So SRAM on the backup register is specific to some family. But option byte is still possible. That means when you are in level 1, you can't access anymore the flash content via embedded boot loaders or via debugging link. This means the memory protected flash backup SRAM for the backup and SRAM is specific to each family. Read out prediction level 2. You've got all the previews of the level 1, then you have some additional. You can boot from the embedded boot loader. Now you can only boot from the user flash memory. No more debugging link. You can connect to the device. Option byte can't be changed anymore. And when I say option byte, I mean all the option bytes, whatever the protection, whatever they configure. No ADP regression is possible. That means it's terminal state. You can come back to the level 1. So here you lock your device. So if we are talking about the different transition of ADP level, at the beginning you are at level 0, you can move to level 1. But if you do a regression from the level 1 to the level 0, this will imply a flash memory mass errors. This is automatically and this can be removed. From the level 0 and from the level 1, you can move to the level 2. But this is a final and permanent state. I mean you can't come back or do a regression to level 1. So take care about this. A first tip. At support level, we receive many requests say I moved to ADP level 1 and now my code is not running. In fact, on the activation of the ADP, a full power cycle is needed. Sometimes just a transition from the low power to standby to run state is enough. But it's to be checked in the reference panel. This should be taken into account when you think about your board. Imagine you've got a soldered battery and it could be difficult to do a full power cycle. So keep in mind, on activation of the ADP, a full power cycle is often needed. Other tips or I will say other things to think about. When you are in ADP level 1, you can still connect with the debugger and you can still see some SRAM. Depending if it's protected or not. But on many, many devices, you can connect and see the SRAM. You can also see the peripheral register. So here it just from the security point of view. Imagine you've got a software that's just doing a CRC of the flash content. So it will take each part of the flash and compute a CRC. That means it could be possible that all the content of the flash will be in the SRAM at a moment or another. So if I connect during this process, I will be able to find what is inside the flash. One possible would be to remove the GPIO of the SWD or GTAC during this operation. But the problem, we can still connect under reset. That means if I connect at a good timing, I stop the execution and I reset. It will be done automatically. Then I can see the content of the SRAM because the SRAM content is not errors during a reset. So that means I can manage to find the content of the SRAM. So how could I prevent such kind of things? The first one could be to introduce a values daily in the code detection. That way we never know exactly when you are doing such kind of operation. So it's difficult to do the connect under reset at a good timing. Another possibility when you have to do something quite sensitive, not a CRC but I will say some crypto operation, you can try to write a code that only uses CPU registers. This one can't be accessed. ADP summary. So ADP level 0, open device, no protection at all. On ADP level 1, the flash, sometimes the backup on some SRAM memory can be secure. All the rest is not. That means you can still modify the option byte. You can access the peripheral register and you can access some SRAM often. On the ADP level 2, option byte are frozen. Firmware update is still possible but that means you think about it before and put an embedded in application programming. Because only the core could arise on the right in the flash. It's a high constraint. I mean no error, no return mode analysis. If you got an issue with your board on the field, ST can't even reopen this ADP level 2. We can dump the flash contents. So quite difficult. So I will say the level 2 is the most secure one but it has got the constraint that you really close your device. Regarding the availability of these features, nearly all except the F1 who only have one level of ADP so it's really to take care about this. I don't talk about the full features so I prefer to leave it that way. Now I think to ensure you will understand the purpose on how it works. I propose to do it hands-on.