Hello and welcome to this presentation of the STM32 System Memories Protection. It will cover the different means for protecting code and data. Memory protections have been designed for different purposes. A read protection, for example, will prevent the dumping of embedded software code through an external access and will protect the developer's intellectual property. A write protection will prevent certain flash areas from being accidentally erased by a load overflow in a software or data update procedure.

STM32F7 microcontrollers provide several features for protecting code and data located in flash memory, backup SRAM and backup registers. The following slides will describe the read and write protection features.

Readout protection, or RDP, is a global mechanism that prevents external read access to flash memory, backup SRAM and registers. An external access can be gained by using a JTAG connector, a serial wire port, or boot software embedded in SRAM. Three levels of RDP protection are defined, from Level 0, which offers no protection at all, to Level 2, which has full and permanent protection. Protection levels will be described in the following slides.

The second kind of memory protection available in STM32F7 is the write access protection. Unlike RDP, write protection is not global but is set on specific memory sectors of the flash memory. Write protection prevents accidental or malicious write or erase operations. Both protection mechanisms are configurable via the STM32F7 option bytes.

When the first RDP level, Level 0, is set, the device has no protection. All read or write operations, if no write protection is set on the flash memory or the backup SRAM, are possible in all boot configurations: flash user boot, debug or boot from RAM. Option bytes are also changeable in this level. Level 0 is the factory default level.

In Level 1, read protection is set for the flash memory, the backup SRAM, and the backup registers.
In this level, protected memories are only accessible when booting from user flash memory. Whenever a debugger access is detected or boot is not set to a flash memory area, any access to the protected memories generates a system hard fault, which blocks all code execution until the next power-on reset. Note that option bytes can still be modified in this level, making it possible to remove the protection. This mechanism is explained in the next slide.

We have seen in the previous slide that it is possible to modify option bytes in Level 1. It is then possible to remove the protection by changing the protection level to Level 0. This change of protection level will cause the flash memory and the backup SRAM to be mass erased. Hence, no sensitive data can be retrieved.

Readout protection Level 2 provides the same protection as in Level 1, but the protection becomes permanent. Once the RDP protection is set to this level, there is no way to modify it. No level regression and mass erase mechanism is possible. This level must only be considered in the final product when the development stage is completed. Note that to ensure that there are no backdoors, this protection cannot even be bypassed at ST's factory.

This slide shows the possible transitions between each readout protection level. It is always possible to raise the protection level, but regression is only possible between Level 1 and Level 0 with the consequence of a full user flash erase operation. Note that the RDP level is coded in one option byte. Level 0 is coded by a 0xAA value, Level 2 is coded by a 0xCC value, and Level 1 is coded by any value other than 0xAA or 0xCC.

This table summarizes the different types of access authorized for the flash memory, backup registers and backup SRAM according to the readout protection or RDP level, configured boot mode and with debug access, as seen in previous slides.

The write protection protects code and non-volatile data from unwanted or accidental erasure.
This protection is only available on the flash memory. Unlike readout protection, the write protection can be set on a selection of flash memory sectors only. There are eight sectors defined in STM32F7: four sectors of 32 kilobytes, one sector of 128 kilobytes, and three sectors of 256 kilobytes. When a sector is protected, it cannot be erased or programmed. Any attempt at write access to the sector will cause a flash memory error. If at least one sector is write protected, a mass erase of the flash memory cannot be performed. The protection needs to be removed first.

Please refer to the flash memory training to learn more about the memory architecture, option bytes and flash operations.
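
The rules stated in this presentation (RDP byte coding, level transitions, sector layout and write protection) can be modelled in C for a host-side configuration check. This is an added example, not code from the presentation or from ST: it touches no hardware, and every function name and the `protected_mask` representation (bit n set means sector n is write protected) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { RDP_LEVEL_0, RDP_LEVEL_1, RDP_LEVEL_2 } rdp_level_t;
typedef enum { RDP_REJECTED, RDP_OK, RDP_OK_MASS_ERASE } rdp_result_t;

/* 0xAA = Level 0, 0xCC = Level 2, every other value = Level 1, so a
 * corrupted or mistyped byte decodes as protected, never as open. */
rdp_level_t rdp_decode(uint8_t rdp_byte) {
    if (rdp_byte == 0xAA) return RDP_LEVEL_0;
    if (rdp_byte == 0xCC) return RDP_LEVEL_2;
    return RDP_LEVEL_1;
}

/* Transition rules: Level 2 is permanent, raising is always possible,
 * and the only regression (1 -> 0) costs a mass erase. */
rdp_result_t rdp_change(uint8_t cur_byte, uint8_t new_byte) {
    rdp_level_t cur = rdp_decode(cur_byte), next = rdp_decode(new_byte);
    if (cur == RDP_LEVEL_2) return RDP_REJECTED;
    if (next >= cur) return RDP_OK;
    return RDP_OK_MASS_ERASE;
}

/* Sector sizes in KB: 4 x 32, 1 x 128, 3 x 256. */
static const uint32_t sector_kb[8] = {32, 32, 32, 32, 128, 256, 256, 256};

/* Map a byte offset from the start of flash to its sector, -1 if outside. */
int sector_of_offset(uint32_t offset) {
    uint32_t end = 0;
    for (int s = 0; s < 8; s++) {
        end += sector_kb[s] * 1024u;
        if (offset < end) return s;
    }
    return -1;
}

/* protected_mask is a hypothetical model: bit n set = sector n protected. */
bool write_allowed(uint32_t offset, uint8_t protected_mask) {
    int s = sector_of_offset(offset);
    return s >= 0 && !(protected_mask & (1u << s));
}
bool mass_erase_allowed(uint8_t protected_mask) { return protected_mask == 0; }

int main(void) {
    printf("0x55 -> Level %d\n", (int)rdp_decode(0x55));
    printf("L1 -> L0 result: %d\n", (int)rdp_change(0x55, 0xAA));
    return 0;
}
```
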