Do not check and lock bootloader sector write protection on every boot [ch17416] #1578
Checking and locking the bootloader sector write protection (if needed) on every boot could be contributing to flash memory corruption, although no testing has shown this to occur. It has only occurred naturally in the wild. See references.
Do not check and lock bootloader write protect on every boot
The idea is that a power glitch could result in the read of the sector 0 write protection bits being misinterpreted as unprotected, which would unlock the Option Bytes register to change these bits to be protected. While writing to the Option Bytes register, if power is lost or the MCU is reset, this can result in the Read Protection level being set to 1. This is fairly well understood and easy to reproduce, so not attempting to write protect the bootloader on every boot is a great mitigation technique to avoid RDP level 1.
We still do write protect the bootloader at the time of MFG and also on future bootloader updates. Read Protection level 1 is not really harmful, though, and the device can function normally (minus debugging tool support in this mode). The real issue is if Read Protection level 1 is subsequently set back to level 0, which causes the MCU to self-mass-erase. This is a fairly difficult thing to do, since RDP level 0 requires 0xAA to be written to the Option Bytes register, and is not something done in system firmware anywhere.
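To make the failure chain in the two paragraphs above concrete, here is an added, constructed C model of the option bytes and of the two boot policies. It is an illustration written for this page, not device-os bootloader code. It assumes an STM32F2-style option byte word with RDP in bits 15:8 (0xAA = level 0, 0xCC = level 2, anything else = level 1) and the sector 0 nWRP bit in bit 16, and it assumes that an interrupted option-byte programming cycle leaves the bytes erased (0xFF), which is what turns RDP into level 1. The `glitched` and `interrupted` flags stand in for the power glitch and the mid-write power loss described above; the register layout and helper names are assumptions for the model, not the project's API.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an STM32F2-style option byte word (assumption, not
 * device-os code). Only two fields are modelled:
 *   RDP          bits 15:8  0xAA -> level 0, 0xCC -> level 2, else level 1
 *   nWRP sector0 bit 16     1 = writable, 0 = write protected              */
#define RDP_SHIFT      8u
#define RDP_MASK       (0xFFu << RDP_SHIFT)
#define RDP_LEVEL0_KEY 0xAAu
#define RDP_LEVEL2_KEY 0xCCu
#define NWRP_SECTOR0   (1u << 16)

typedef struct {
    uint32_t optcr;       /* committed option bytes as the MCU sees them    */
    int      writes;      /* option-byte programming cycles started at boot */
    bool     mass_erased; /* set when RDP goes from level 1 back to level 0 */
} flash_model_t;

static int rdp_level(uint32_t optcr) {
    uint32_t rdp = (optcr & RDP_MASK) >> RDP_SHIFT;
    if (rdp == RDP_LEVEL0_KEY) return 0;
    if (rdp == RDP_LEVEL2_KEY) return 2;
    return 1;
}

static bool sector0_protected(uint32_t optcr) {
    return (optcr & NWRP_SECTOR0) == 0;
}

/* Program a new option byte word. The hardware erases the option bytes before
 * writing the new value; if `interrupted` is true (power loss or reset during
 * the cycle) the erased value (all 0xFF, i.e. RDP level 1) stays committed.
 * Leaving level 1 for level 0 triggers the mass erase described above.        */
static void optcr_program(flash_model_t *f, uint32_t value, bool interrupted) {
    int old_level = rdp_level(f->optcr);
    int new_level = rdp_level(value);
    f->writes++;
    if (old_level == 1 && new_level == 0) {
        f->mass_erased = true;
    }
    f->optcr = interrupted ? 0xFFFFFFFFu : value;
}

/* A bootloader read of the option bytes. With `glitched` set, the nWRP bit for
 * sector 0 reads as 1 (unprotected) even though the committed value is 0.     */
static uint32_t optcr_read(const flash_model_t *f, bool glitched) {
    return glitched ? (f->optcr | NWRP_SECTOR0) : f->optcr;
}

/* Policy A: check-and-lock on every boot (the behaviour this PR removes).
 * A single misread is enough to start a programming cycle.                   */
static void boot_check_and_lock(flash_model_t *f, bool glitched, bool interrupted) {
    uint32_t seen = optcr_read(f, glitched);
    if (!sector0_protected(seen)) {
        optcr_program(f, seen & ~NWRP_SECTOR0, interrupted);
    }
}

/* Policy B: never touch option bytes at boot; protection is applied at
 * manufacture and when the bootloader itself is updated, so a glitched read
 * at boot cannot turn into a write.                                          */
static void boot_no_touch(flash_model_t *f, bool glitched, bool interrupted) {
    (void)optcr_read(f, glitched);
    (void)interrupted;
}

/* Fresh device as it leaves manufacturing: RDP level 0, sector 0 protected. */
static flash_model_t manufactured_device(void) {
    flash_model_t f = { .optcr = (RDP_LEVEL0_KEY << RDP_SHIFT),
                        .writes = 0, .mass_erased = false };
    return f;
}

int main(void) {
    flash_model_t a = manufactured_device();
    boot_check_and_lock(&a, /*glitched=*/true, /*interrupted=*/true);
    printf("check-and-lock: writes=%d rdp_level=%d\n", a.writes, rdp_level(a.optcr));

    flash_model_t b = manufactured_device();
    boot_no_touch(&b, /*glitched=*/true, /*interrupted=*/true);
    printf("no-touch:       writes=%d rdp_level=%d\n", b.writes, rdp_level(b.optcr));

    /* What makes level 1 dangerous: restoring level 0 afterwards. */
    optcr_program(&a, RDP_LEVEL0_KEY << RDP_SHIFT, /*interrupted=*/false);
    printf("level1->level0: mass_erased=%d\n", a.mass_erased);
    return 0;
}
```

Under policy A the glitched read plus an interrupted write leaves the model at RDP level 1 after one boot; under policy B the same glitch produces no write at all, which is the whole mitigation. The final step shows why level 1 is tolerable on its own but must not be "fixed" back to level 0 by firmware.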
Steps to Test
Some bash functions to make working with OpenOCD easier