 Hello, and welcome to this presentation of the STM32 System Memories Protection. It will cover the different means for protecting code and data. Memory protections have been designed for different purposes. A read protection, for example, will prevent the dumping of embedded software code through an external access and will protect the developer's intellectual property. A write protection will prevent certain flash sectors from being accidentally erased by a load overflow in a software or data update procedure. STM32H7 microcontrollers provide several features for protecting code and data located in flash memory, backup SRAM, and backup registers. In addition to these typical memory protections, the STM32H7 also introduces a new mechanism to ensure the safe execution of sensitive firmware. The following slides will describe all these protection features. The following means are provided for code protection purposes. RDP or readout protection. PCROP or proprietary code readout protection. WRP write protection. Secure user memory protection is a new feature of STM32H7 microcontrollers. It ensures the safe execution of sensitive applications in addition to code and data protection. Readout protection or RDP is a global mechanism that prevents external read access to flash memory, the 4 kilobytes of backup SRAM, and backup registers. An external access can be gained by using a JTAG connector, a serial wire port, or the boot software embedded in SRAM. Three levels of RDP protection are defined, from level 0, which offers no protection at all, to level 2, which has full and permanent protection. Protection levels will be described in the following slides. PCROP is a memory access protection against code dumping. It is used to protect the intellectual property of the code. The protected firmware remains executable, but read and write access performed by the CPU executing malicious third-party code, or Trojan horse, are prohibited. The write protection mechanism prevents accidental or malicious write or erase operations. Secure user memory is a flash area with a specific protection mechanism to ensure the safe execution of sensitive firmware in addition to code and data protection. All protection mechanisms are configurable via the STM32H7 option bytes. When the lowest RDP level, level 0, is set, the device has no protection. All read or write operations, if no write protection is set on the flash memory, the backup RAM and the backup registers are possible in all boot configurations. Flash user boot, debug or boot from RAM. Option bytes are also changeable in this level. Level 0 is the factory default level. In level 1, read protection is set for the flash memory, the backup SRAM and the backup registers. In this level, protected memories are only accessible when booting from user flash memory. Whenever a debugger access is detected or boot is not set to a flash memory area, any access to the protected memories generates a system hard fault, which blocks all code execution until the next power-on reset. Note that option bytes can still be modified in this level, making it possible to remove the protection. This mechanism is explained in the next slide. We have seen in the previous slide that it is possible to modify option bytes in lesson 1. It is then possible to remove the protection by changing the protection level to level 0. This protection level regression will cause the flash memory and the backup SRAM to be mass erased. Flash areas protected by PC-ROP or configured as secure user memory can be erased or left unchanged, depending on their erase policy configuration. Readout protection level 2 provides the same protection as in level 1, but the protection becomes permanent. Option bytes cannot be modified, so once the RDP protection is set to this level, there is no way to modify it, and level regression with mass erase mechanism is no longer possible. This level must only be considered in the final product when the development stage is completed. Note that to ensure that there are no back doors, this protection cannot be bypassed even at the ST factory. This slide shows the possible transitions between each readout protection level. It is always possible to raise the protection level, but regression is only possible between level 1 and level 0 with the consequence of a full user flash erase operation. Note that the RDP level is coded in one option byte. Level 0 is coded by an X0AA value, level 2 is coded by a 0XCC value, and level 1 is coded by any value other than 0XAA or 0XCC. This table summarizes the different types of access authorized for the flash memory, backup registers, and backup SRAM according to the readout protection or RDP level, configured boot mode, and with debug access, as seen in previous slides. PCROP means proprietary code readout protection. Third parties may develop and sell specific software IPs for STM32 microcontrollers, and original equipment manufacturers may use them when developing their own application code. In order to protect the software intellectual property or IP, the code must not be copied or read. The PCROP's purpose is to protect the confidentiality of third-party software intellectual property code against malicious users independently of the RDP level setting. The protected firmware can only be executed by the Cortex-M7 core. Any other access, DMA, debug, and data read, write, and erase is strictly prohibited. The Cortex-M4 core can never access the protected area even for code execution. To be compliant with this constraint, the firmware must be compiled with appropriate compilation option. For example, dash execute underscore only for keel tools. The proprietary code readout protected areas in flash memory are defined through the option bytes. One PCROP area per bank can be defined. Each area is configured with a granularity of 256 bytes and can be set from 512 bytes up to the full bank. The areas are protected against access through the data bus. Only the instruction bus of the Cortex-M7 core can access the protected sector for code execution. Note that sectors protected with the PCROP feature are also protected against write access, offering protection against unwanted sector write or erase operations. Removing PCROP protection can only be done by an RDP level regression from level 1 to level 0. When executed, this mechanism triggers a full mass erase of the flash memory. The write protection protects code and non-volatile data from unwanted or accidental erasure. This protection is only available on the flash memory. The write protection can be set on a selection of flash memory sectors only. There are 8 sectors of 128 kilobytes per bank defined in STM32H7 microcontrollers. When a sector is protected, it cannot be erased or programmed. Any attempt to write access the sector will cause a flash memory error. If at least one sector is write protected, a mass erase of the flash memory cannot be performed. The protection needs to be removed first. Some secure applications require data and code protection as well as safe execution. Examples of such secure applications are a secure firmware update or user secure boot with specific startup procedures. These applications may manipulate secret data such as cryptographic keys and their execution must not be interrupted by a malicious process that could access sensitive data. The STM32H7 introduces the secure user memory protection feature that makes it possible to develop such applications. The secure user memory is a configurable part of the flash memory. It is accessible only once after reset and allows execution of sensitive firmware before any other process. Once closed, the area remains inaccessible by any means. Secure user memory access is granted after a system reset. The secure firmware is embedded in this area and if the boot address is correctly set, it will be executed before the main user application. The protected area remains open during firmware execution. Once completed, the firmware closes the area and jumps to the main application. The protected area is closed until the next system reset and the secure firmware and its data are inaccessible. Secure user memory is never reachable by the Cortex-M4 core or through the debug port. The STM32H7 offers advanced secure services available in a specific mode called secure access mode. This mode gives access to ST Root secure services or RSS that are detailed in another module and to the secure user memory feature. These secure services are embedded in the system flash memory. This mode is a device configuration set by option bytes. It can be set with no restriction but cannot be unset unless there is no more protected area in the flash memory. A flash mass erase is then required before resetting the device's secure access mode. Once in secure access mode, the secure user memory can be configured. One secure user memory can be set per flash bank. The area can be set from 512 bytes to full bank with a granularity of 256 bytes. A dedicated Root secure service must be called for protection initialization. The secure user memory can be reset by a flash mass or bank erase. A flash mass erase operation can be triggered by an RDP level regression from RDP1 to RDP0. This slide summarizes the different flash memory protections. Protected areas can only be accessed by the Cortex-M7 core according to their specific behavior. Root security services and secure user memories are accessible in secure access mode only. Access to any protected area is prohibited for the Cortex-M4 core and debug ports. Please refer to the flash memory training to learn more about the memory architecture, option bytes and flash operations.