 Hello and welcome to this presentation of the STM32 System Memories Protection. It will cover the different means for protecting code and or data from external and or internal attacks. Software providers may need to protect their software intellectual propriety from malicious users or from intrusive attacks. For this purpose, STM32WL5 microcontrollers provide several features for protecting code and or data located in either flash memory, SRAM1, SRAM2, or backup registers. These features can prevent the reading or writing of code and or data through the JTAG debugger, end-user code, or SRAM Trojan code. A new protection memory feature is dedicated to the application firmware running on the Cortex-M0 Plus Core. This CPU has an exclusive access to the protected segments. The following means are provided for code protection purposes. Cortex-M0 Plus secure flash memory, SRAM1 and SRAM2. It prevents Cortex-M0 Plus code and data access of application firmware, secure firmware install, and secure boot secure firmware update from being accessed by the user application running on Cortex-M4. RDP, readout protection. It prevents flash memory access through the JTAG for all flash memory areas. PC Rop, proprietary code readout protection. It prevents read access of configurable flash memory areas performed by the CPU, executing malicious third-party code or Trojan horse. WRP, write protection. It prevents accidental or malicious write-erase operations. Cortex-M0 Plus security, RDP, PC Rop, and WRP are configurable via the STM32 WL5 option bytes. The Cortex-M0 Plus security features protect firmware code and data running on this core against user applications running on the Cortex-M4 core. This ensures the secure execution of the secure firmware install or SFI, secure boot secure firmware update or SB SFU, and Cortex-M0 Plus application firmware, as well as preventing debug access to these firmwares. The Cortex-M0 Plus security features are to be enabled when installing the Cortex-M0 Plus application firmware. For a detailed description of Cortex-M0 Plus security protection features or the SFI and SB SFU, please refer to the dedicated modules proposed in this training. Cortex-M0 Plus security protects upper parts of flash SRAM1 and SRAM2 memories. Size of each areas are to be set during Cortex-M0 Plus application firmware installation or update. Secure flash start address or SFSA is the lower boundary of protected flash memory. It is aligned on flash page granularity. Secure backup RAM start address or SB RSA for SRAM2 and secured non-backup RAM start address or SNB RSA for SRAM1 are the respective lower address of protected parts of SRAM2 and SRAM1 memories. Size can be set with a granularity of one kilobyte. Let's take a closer look at the details of the readout protection feature. The STM32WL5 readout protection feature offers three levels of protection for all SRAM2 and flash memory as well as the backup registers. Level zero means no protection. This is the factory default. Read, write and erase operations are permitted in the SRAM2 and flash memory as well as the backup registers. Option bytes are changeable in level zero. Note that PCROP and Cortex-M0 Plus security rules still apply. Level one ensures total read protection of the chip's memories which includes the flash memory and the backup registers as well as a new feature to the STM32 family, the SRAM2 content. Whenever a debugger access is detected or boot mode is not set to a flash memory area, any access to the flash memory, the backup registers or to the SRAM2 generates a system hard fault which blocks all code execution until the next power-on reset. Please note that the option bytes can still be modified in level one. Level two provides the same protection features for the SRAM2, flash memory and backup registers as described for level one. However, there are three major differences. The JTAG SWD debugger connection is disabled even at the ST factory to ensure that there are no back doors. The boot mode is forced to user flash memory regardless of what the boot zero one settings are and level two is permanent. Once set to level two, there is no going back. RWP-WRP option bytes can no longer be changed as well as all the other option bytes. Changing the level of RDP protection is permitted when the current protection level is one. RDP level two is semi-permanent and can only be regressed by the installed secure Cortex-M0 Plus firmware. Changing the RDP protection level from one to zero automatically erases the non-secure part of the flash memory, SRAM2 and backup registers. The secure part of the flash is not impacted and the security remains unchanged. Let's look at the transitions possible between each readout protection level. As already mentioned, STM32 WL5 MCUs have three RDP levels. Level zero means there is no readout memory protection and option bytes can be modified. From level zero, the device can move to level one or level two. Level one ensures the memory readout protection while keeping debug access limited. From level one, the device can move to level zero or level two. Regression to level zero will cause a flash memory mass erase. Level two ensures the readout memory protection the same as level one but also completely disables JTAG SWD debug access. Level two is a semi-permanent state and moving to another RDP level is only possible by the installed secure Cortex-M0 Plus firmware. Caution when regressing level two. There will be no mass erase performed by hardware. It is up to the installed secure Cortex-M0 Plus firmware to erase any sensitive information before regressing the readout protection level. This table summarizes the different types of access authorized for the flash memory, backup registers and SRAM2, according to the readout protection or RDP level one and two configured boot mode and debug access as previously discussed. In summary, when RDP is set to level zero, no protection mechanism is active and all memories can be read and modified. Secure memories and option bytes can only be accessed by the secure CPU2. When RDP is other than level zero, if the device is configured to boot from the user flash memory, then the user flash memory backup registers and SRAM2 can be read or modified regardless of the RDP level. The system flash memory can be read only. The option bytes can only be read by the CPU1 when the RDP is set to level two. The secure CPU can still read and write option bytes. Otherwise, if the device is not configured to boot from the user flash memory or if a debugger access is detected, then almost all memories are not accessible excepted the system flash memory, which can only be read in level one and option bytes which can be read or modified in level one. Let's take a closer look at the details of the proprietary code readout protection or PC Rop and how it's different from RDP. PC Rop means proprietary code readout protection. Why PC Rop? Proprietary code readout protection is basically a way to protect the confidentiality of third-party software intellectual property code independently of the RDP level setting. Third parties may develop and sell specific software IPs for STM32 microcontrollers and original equipment manufacturers may use them when developing their own application code. Proprietary code readout protection helps protect the confidentiality of third-party IPs and protects software intellectual property against malicious users. In other words, PC Rop consists of preventing malicious software or debuggers from reading sensitive code. The protected area is execute only and can only be reached by the STM32 CPU as an instruction code while all other accesses, DMA, debug and CPU, data read, write and erase are strictly prohibited. This means that the code to be protected must be compiled using a specific compiler option. For example, dash execute underscore only for keel tools. The proprietary code readout protected areas in flash memory is defined through the option bytes. The PC Rop feature is improved on the STM32 WL5 devices. Two separate PC Rop areas can now be set independently, each one defined by a start and end address with a granularity of half a flash page. Note that once a PC Rop area is configured, its size can only be increased. Once the PC Rop areas have been defined, the only way to disable this protection feature is to change the RDP protection level from 1 to 0, which erases the flash memory area. The erase policy of PC Rop areas in case of RDP level regression is defined through the PC Rop RDP option bit. By setting the PC Rop RDP bit in the option bytes, the code in the PC Rop areas will not be lost and the protection will not be removed. To further explain the execute only meaning of the PC Rop, the PC Rop is a sub-state of the RDP. The PC Rop is designed to prohibit other code executing on the STM32 from reading the PC Rop protected flash memory area. This is not the same as the RDP where the protection targets external worlds. When the PC Rop is enabled, the AHB only allows the instruction bus to work, so code can only be executed. The data bus can't access that flash memory area. Once the development phase is completed, the PC Rop can then be turned into an RDP setting level 1. In this case, the external world is limited to read only, but the PC Rop settings for specific sectors still applies to all masters trying to read that code. Now let's take a closer look at the details of the write protection settings of the STM32WB. The flash memory write protection mechanism is designed to prevent unwanted write access to defined areas in flash memory, such as secure boot, secure firmware update, or calibration constants that do not change. The write protection areas are defined through the option bytes. The user can define up to two different write protected flash memory areas independently. Each of the two flash memory areas are defined by a start and end address with a flash page granularity. The size of the write areas can be modified whenever the RDP level is not set to level 2, except for the secure Cortex-M0+, which can still modify the WRP even in RDP level 2. Erase operations are treated as write operations on write protected areas, meaning they are not allowed. In addition to this training, you may find these three modules useful.