Skip to content

STM32CubeProgrammer

KurfuerstPilz edited this page Feb 26, 2021 · 4 revisions

STM32CubeProgrammer

Warnings about using Read out Protection (RDP) and TrustZone (TZ)

Please note these warnings before you start configuring your board

  • In the Option Bytes configuration, there is a rider called RDP. Do NOT configure RDP to be on level 2, you will not be able to work with the board anymore
  • If you turn RDP on any level higher than 0 you may not be able to configure the board without taking some other steps beforehand. Please read the section about how your board should be configured, or the troubleshooting guide (Disable TrustZone and Read Out Protection) before advancing any further
  • To disable TrustZone with the CubeProgrammer, you need to set RDP to be on level 1 or level 0.5 (exclusively available with TrustZone enabled).

Board Configuration

With TrustZone

Here is the standard configuration of the Option Bytes both of us used during the project. You may fall back to these if you have any trouble downloading or flashing the board with the CubeIDE. Furthermore, there is a label [required] for configurations that are strictly required by documentation. All other configuration are, as far as e can tell, not necessary. Nevertheless, they are documented in case there are unknown dependencies opun these configurations

RDP = AA (Level 0)

BOR_LEV = 0

User configuration

  • nRST_STOP, nRST_STDBY, nRST_SHDW, IWDG_SW, IWDG_STOP, IWDG_STDBY, WWDG_SW all checked
  • SWAP_BANK unchecked; DB256 checked
  • DBANK checked [required]
  • SRAM2_PE, SRAM2_RST both unchecked
  • nSWBoot0 checked [required]
  • nBOOT0 checked
  • PA15_PUPEN checked
  • TZEN checked [required]
  • HDP1EN unchecked, HDP1_PEND with value 0x0 and address 0x08000000 and the same for HDP2EN and HDP2_PEND
  • NSBOOTADD0 with value 0x100000 and address 0x08000000
  • NSBOOTADD1 with value 0x17f200 and address 0x0bf90000
  • SECBOOTADD0 with value 0x180000 and address 0x0c000000
  • BOOT_LOCK unchecked [required]

Secure Area 1

  • SECWM1 PSTRT with value 0x0 and address 0x08000000 [required]
  • SECWM1 PEND with value 0x7f and address 0x0803f800 [required]

Write Protection 1

  • WRP1A_PSTRT with value 0x7f and address 0x0803f800
  • WRP1A_PEND with value 0x0 and address 0x08000000
  • WRP1B_PSTRT with value 0x7f and address 0x0803f800
  • WRP1B_PEND with value 0x0 and address 0x08000000

Secure Area 2

  • SECWM2_PSTRT with value 0x1 and address 0x08040800 [required]
  • SECWM2_PSTRT with value 0x0 and address 0x08000000 [required]

Write Protection 2

  • WRP2A_PSTRT with value 0x7f and address 0x0807f800
  • WRP2A_PEND with value 0x0 and address 0x08040000
  • WRP2B_PSTRT with value 0x7f and address 0x0807f800
  • WRP2B_PEND with value 0x0 and address 0x08040000

Without TrustZone

Other than some missing options and TrustZone being disabled, all configurations mentioned above apply to the NonSecure project

Clone this wiki locally