The STM32 Series is a popular family of Cortex-M devices by STMicroelectronics. The following article contains information which applies to all members of the product family (e.g. readout protection). Information which is more specific to the respective sub-family(e.g. QSPI programming) is provided in family specific articles.
A list of all ST devices supported by SEGGER can be found here. For further information regarding the STM32 product family, please refer to the website and documentation by STMicroelectronics.
Allow opt bytes device selection
The "allow opt. bytes" device selection is only available for STM32F1 series devices. For later devices, memory mapped programming of the option bytes is not feasible as for some series, the option bytes become valid immediately which would cause immediate connection loss to a device (in case readout protection is enabled) before the option byte programming can be verified.
The STM32 series devices provide option bytes which allow "permanent" configuration as well as readout protection for the device. In order to enable or disable readout protection, a sequence of multiple read / write accesses to special function registers of the STM32 MCU has to be performed. The sequence is different for each sub-family of the STM32 device series and is described in the respective reference manual of the device. A list of example J-Link commander files and J-Flash projects which enable or disable the readout protection of an STM32 device is provided below. Please note that the provided files serves as an example / proof of concept. A user may alter them in order to suit their specific use case, e.g. using smaller timeouts, programming other values, etc.
NOTE: A power-on reset is required when securing the device while a debug probe is connected.
Disabling readout protection
J-Link Commander and J-Flash
J-Link Commander and J-Flash automatically detect secured STM32 devices and ask the user if it should be unlocked. Further information regarding this can be found here: Secured_ST_device_detected
Flasher standalone mode
In order to unlock a STM32 device in stand-alone mode, the unlock sequence needs to be configured in the init steps of the J-Flash project (see examples in the table below).
Restoring factory defaults
The standalone software tool STM32 Unlock can be used to reset the Option Bytes of a STM32 device to factory default settings. STM32 Unlock is part of the J-Link software & documentation pack.
Enabling readout protection
All provided J-Link Commander command files and J-Flash projects set the read out protection to level 1 (ROP == Level 1). In order to set ROP Level 2, the value "0xBB" needs to be changed to "0xCC" where indicated in the command file / Exit steps of the J-Flash project. Please note that ROP Level 2 is permanent and can neither be reverted by SEGGER nor by ST.
Note: Some STM32 devices require a power-on reset if the read out protection is set and the debugger is still connected through JTAG/SWD.
All command files and J-Flash projects have a specific MCU selected. For the sole purpose of locking the device via J-Link commander changing of the device name is not necessary, but it is mandatory to change the device name to the actual device used when using J-Flash or doing any flash programming in J-Link commander.
Please note that securing a device via J-Link command files is limited in a way that interpretation of return values, if / else branches etc. are not available. Therefore, production programming and securing of devices can only be done with J-Flash or the J-Link SDK. In any case, it is the responsibility of the user to verify that the required read out protection is active before the programming device leaves the production facility.
- For further information regarding native support in J-Flash and why native support is no longer implemented for new devices, please refer to this article: MCU_Security_Options