Difference between revisions of "ST STM32"

From SEGGER Wiki
Jump to: navigation, search
(Enabling readout protection)
(Device Table)
(31 intermediate revisions by 4 users not shown)
Line 1: Line 1:
__TOC__
 
 
 
 
The STM32 Series is a popular family of Cortex-M devices by STMicroelectronics.
 
The STM32 Series is a popular family of Cortex-M devices by STMicroelectronics.
 
The following article contains information which applies to all members of the product family (e.g. readout protection).
 
The following article contains information which applies to all members of the product family (e.g. readout protection).
 
Information which is more specific to the respective sub-family(e.g. QSPI programming) is provided in family specific articles.
 
Information which is more specific to the respective sub-family(e.g. QSPI programming) is provided in family specific articles.
   
A list of all ST devices supported by SEGGER can be found [https://www.segger.com/jlink_supported_devices.html?m=ST#sel here].
+
A list of all ST devices supported by SEGGER can be found [https://www.segger.com/supported-devices/st here].
 
For further information regarding the STM32 product family, please refer to the website and documentation by STMicroelectronics.
 
For further information regarding the STM32 product family, please refer to the website and documentation by STMicroelectronics.
   
  +
__TOC__
= MCU Security =
 
  +
== Device specific connect ==
  +
To provide the best debugging experience for the most common setups, a device specific connect is implemented for the STM32 devices.
  +
If for some reason this device specific connect causes issues for a certain setup, users can [[J-Link_script_files#Overriding_device_specific_connect | override the device specific connect]].
  +
=== Debug registers ===
  +
The STM32 devices come with multiple debug registers (DBG / DBGMCU).
  +
Some of these registers are written by J-Link during connect, to provide a good debugging experiance:
  +
* Enabling watchdog timer freeze on debug halt.
  +
* Enabling debugging during Sleep, Standby & Stop modes.
  +
{{Note|1=
  +
*The used registers will be reset to their reset value on disconnect.
  +
*The J-Link expects that these registers are written by J-Link only and '''not''' by the target application!
  +
}}
  +
=== Device security ===
  +
On connect, the device security is checked. If security is set (and recoverable) the user is asked if they want security to be lifted. If the user agrees, security is lifted by J-Link (if possible).
  +
{{Note|1=
  +
* The device is briefly halted while checking security. This is done because in some cases, device security might be detected wrongly while the device is running.
  +
* In most cases, unsecuring the device causes a mass erase of the flash.
  +
* It is possible to save the selection of the unlock dialog. To reset this, please refer to: [[UM08001_J-Link_/_J-Trace_User_Guide#Reset_unlock_message_box | Reset unlock message box]].
  +
}}
   
  +
== MCU Security ==
== Allow opt bytes device selection ==
 
  +
=== Allow opt bytes device selection ===
The "allow opt. bytes" device selection is only available for STM32F1 series devices. For later devices, memory mapped programming of the option bytes is not feasible as for some series, the option bytes become valid immediately which would cause immediate connection loss to a device (in case readout protection is enabled) before the option byte programming can be verified.
 
  +
The "allow opt. bytes" device selection is only available for STM32F1 series devices.
  +
For later devices, memory mapped programming of the option bytes is not feasible as for some series, the option bytes become valid immediately which would cause immediate
  +
connection loss to a device (in case readout protection is enabled) before the option byte programming can be verified.
   
 
The STM32 series devices provide option bytes which allow "permanent" configuration as well as readout protection for the device.
 
The STM32 series devices provide option bytes which allow "permanent" configuration as well as readout protection for the device.
Line 19: Line 38:
 
A list of example J-Link commander files and J-Flash projects which enable or disable the readout protection of an STM32 device is provided below.
 
A list of example J-Link commander files and J-Flash projects which enable or disable the readout protection of an STM32 device is provided below.
 
Please note that the provided files serves as an example / proof of concept. A user may alter them in order to suit their specific use case, e.g. using smaller timeouts, programming other values, etc.
 
Please note that the provided files serves as an example / proof of concept. A user may alter them in order to suit their specific use case, e.g. using smaller timeouts, programming other values, etc.
  +
{{Note|1=
  +
A power-on reset is required when securing the device while a debug probe is connected.
  +
}}
   
== Disabling readout protection ==
+
=== Disabling readout protection ===
  +
==== J-Link Commander and J-Flash ====
 
=== J-Link Commander and J-Flash ===
 
 
J-Link Commander and J-Flash automatically detect secured STM32 devices and ask the user if it should be unlocked. Further information regarding this can be found here: [[Secured_ST_device_detected]]
 
J-Link Commander and J-Flash automatically detect secured STM32 devices and ask the user if it should be unlocked. Further information regarding this can be found here: [[Secured_ST_device_detected]]
  +
==== Flasher standalone mode ====
 
=== Flasher standalone mode ===
 
 
In order to unlock a STM32 device in stand-alone mode, the unlock sequence needs to be configured in the init steps of the J-Flash project (see examples in the table below).
 
In order to unlock a STM32 device in stand-alone mode, the unlock sequence needs to be configured in the init steps of the J-Flash project (see examples in the table below).
  +
==== Restoring factory defaults ====
 
=== Restoring factory defaults ===
 
 
The standalone software tool STM32 Unlock can be used to reset the Option Bytes of a STM32 device to factory default settings.
 
The standalone software tool STM32 Unlock can be used to reset the Option Bytes of a STM32 device to factory default settings.
 
STM32 Unlock is part of the [https://www.segger.com/jlink-software.html J-Link software & documentation pack].
 
STM32 Unlock is part of the [https://www.segger.com/jlink-software.html J-Link software & documentation pack].
   
== Enabling readout protection ==
+
=== Enabling readout protection ===
  +
All provided J-Link Commander command files and J-Flash projects set the read out protection to level 1 (ROP == Level 1).
 
All provided J-Link Commander command files and J-Flash projects set the read out protection to level 1 (ROP == Level 1).
 
 
In order to set ROP Level 2, the value "0xBB" needs to be changed to "0xCC" where indicated in the command file / Exit steps of the J-Flash project.
 
In order to set ROP Level 2, the value "0xBB" needs to be changed to "0xCC" where indicated in the command file / Exit steps of the J-Flash project.
 
Please note that ROP Level 2 is permanent and can neither be reverted by SEGGER nor by ST.
 
Please note that ROP Level 2 is permanent and can neither be reverted by SEGGER nor by ST.
   
  +
=== Device Table ===
 
{| class="wikitable"
 
{| class="wikitable"
 
|+STM32 series overview
 
|+STM32 series overview
 
! Sub-Family
 
! Sub-Family
 
! Core
 
! Core
! J-Link Commander and J-Flash:<br> native Unlock support
+
! J-Link Commander and J-Flash:<br>native Unlock support
! J-Link Commander:<br> Lock via commanderfile
+
! J-Link Commander:<br>Lock via [[J-Link_Commander#Using_J-Link_Command_Files | command file]]
 
! STM32 Unlock tool support
 
! STM32 Unlock tool support
! J-Flash:<br> Unlock project
+
! J-Flash:<br>Unlock project
! J-Flash<ref>For further information regarding native support in J-Flash and why native support is no longer implemented for new devices, please refer to this article: [[MCU_Security_Options]]</ref>:<br> native lock support
+
! J-Flash<ref>For further information regarding native support in J-Flash and why native support is no longer implemented for new devices, please refer to this article: [[MCU_Security_Options]]</ref>:<br>native lock support
! J-Flash:<br> Lock project
+
! J-Flash:<br>Lock project
 
|-
 
|-
|STM32F0
+
|[[STM32F0]]
 
|Cortex-M0
 
|Cortex-M0
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F0_Lock.jlink | STM32F0_Lock.jlink]]
 
|[[:Media:STM32F0_Lock.jlink | STM32F0_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F0_Unlock.jflash|STM32F0_Unlock.jflash]]
 
|[[:Media:STM32F0_Unlock.jflash|STM32F0_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F0_Lock.jflash|STM32F0_Lock.jflash]]
 
|[[:Media:STM32F0_Lock.jflash|STM32F0_Lock.jflash]]
 
|-
 
|-
|STM32F1
+
|[[STM32F1]]
 
|Cortex-M3
 
|Cortex-M3
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F1_Lock.jlink|STM32F1_Lock.jlink]]
 
|[[:Media:STM32F1_Lock.jlink|STM32F1_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F1_Unlock.jflash|STM32F1_Unlock.jflash]]
 
|[[:Media:STM32F1_Unlock.jflash|STM32F1_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F1_Lock.jflash|STM32F1_Lock.jflash]]
 
|[[:Media:STM32F1_Lock.jflash|STM32F1_Lock.jflash]]
 
|-
 
|-
|STM32F2
+
|[[STM32F2]]
 
|Cortex-M3
 
|Cortex-M3
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F2_Lock.jlink|STM32F2_Lock.jlink]]
 
|[[:Media:STM32F2_Lock.jlink|STM32F2_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F2_Unlock.jflash|STM32F2_Unlock.jflash]]
 
|[[:Media:STM32F2_Unlock.jflash|STM32F2_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F2_Lock.jflash|STM32F2_Lock.jflash]]
 
|[[:Media:STM32F2_Lock.jflash|STM32F2_Lock.jflash]]
 
|-
 
|-
|STM32F3
+
|[[STM32F3]]
 
|Cortex-M4
 
|Cortex-M4
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F3_Lock.jlink|STM32F3_Lock.jlink]]
 
|[[:Media:STM32F3_Lock.jlink|STM32F3_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F3_Unlock.jflash|STM32F3_Unlock.jflash]]
 
|[[:Media:STM32F3_Unlock.jflash|STM32F3_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F3_Lock.jflash|STM32F3_Lock.jflash]]
 
|[[:Media:STM32F3_Lock.jflash|STM32F3_Lock.jflash]]
 
|-
 
|-
 
|[[STM32F4]]
 
|[[STM32F4]]
 
|Cortex-M4
 
|Cortex-M4
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F4_Lock.jlink|STM32F4_Lock.jlink]]
 
|[[:Media:STM32F4_Lock.jlink|STM32F4_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F4_Unlock.jflash|STM32F4_Unlock.jflash]]
 
|[[:Media:STM32F4_Unlock.jflash|STM32F4_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F4_Lock.jflash|STM32F4_Lock.jflash]]
 
|[[:Media:STM32F4_Lock.jflash|STM32F4_Lock.jflash]]
 
|-
 
|-
 
|[[STM32F7]]
 
|[[STM32F7]]
 
|Cortex-M7
 
|Cortex-M7
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F7_Lock.jlink|STM32F7_Lock.jlink]]
 
|[[:Media:STM32F7_Lock.jlink|STM32F7_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F7_Unlock.jflash|STM32F7_Unlock.jflash]]
 
|[[:Media:STM32F7_Unlock.jflash|STM32F7_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:NO.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32F7_Lock.jflash|STM32F7_Lock.jflash]]
 
|[[:Media:STM32F7_Lock.jflash|STM32F7_Lock.jflash]]
 
|-
 
|-
  +
|[[STM32G0]]
|STM32H7
 
  +
|Cortex-M0+
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32G0_Lock.jlink | STM32G0_Lock.jlink]]
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32G0_Unlock.jflash|STM32G0_Unlock.jflash]]
  +
|scope="col" style="text-align:center" | {{NO}}
  +
|[[:Media:STM32G0_Lock.jflash|STM32G0_Lock.jflash]]
  +
|-
  +
|[[STM32G4]]
  +
|Cortex-M4
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32G4_Lock.jlink | STM32G4_Lock.jlink]]
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32G4_Unlock.jflash|STM32G4_Unlock.jflash]]
  +
|scope="col" style="text-align:center" | {{NO}}
  +
|[[:Media:STM32G4_Lock.jflash|STM32G4_Lock.jflash]]
  +
|-
  +
|[[STM32H7]]
 
|Cortex-M7
 
|Cortex-M7
  +
|scope="col" style="text-align:center" | {{YES}}
|N/A
 
  +
|[[:Media:STM32H7_Lock.jlink|STM32H7_Lock.jlink]]
|N/A
 
|scope="col" style="text-align:center" | [[File:NO.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
|[[:Media:STM32F7_Lock.jflash|STM32H7_Unlock.jflash]]
+
|[[:Media:STM32H7_Unlock.jflash|STM32H7_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:NO.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{NO}}
|[[:Media:STM32F7_Lock.jflash|STM32H7_Lock.jflash]]
+
|[[:Media:STM32H7_Lock.jflash|STM32H7_Lock.jflash]]
 
|-
 
|-
|STM32L0
+
|[[STM32L0]]
 
|Cortex-M0
 
|Cortex-M0
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L0_Lock.jlink|STM32L0_Lock.jlink]]
 
|[[:Media:STM32L0_Lock.jlink|STM32L0_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L0_Unlock.jflash|STM32L0_Unlock.jflash]]
 
|[[:Media:STM32L0_Unlock.jflash|STM32L0_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L0_Lock.jflash|STM32L0_Lock.jflash]]
 
|[[:Media:STM32L0_Lock.jflash|STM32L0_Lock.jflash]]
 
|-
 
|-
|STM32L1
+
|[[STM32L1]]
 
|Cortex-M3
 
|Cortex-M3
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L1_Lock.jlink|STM32L1_Lock.jlink]]
 
|[[:Media:STM32L1_Lock.jlink|STM32L1_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L1_Unlock.jflash|STM32L1_Unlock.jflash]]
 
|[[:Media:STM32L1_Unlock.jflash|STM32L1_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L1_Lock.jflash|STM32L1_Lock.jflash]]
 
|[[:Media:STM32L1_Lock.jflash|STM32L1_Lock.jflash]]
 
|-
 
|-
 
|[[STM32L4]]
 
|[[STM32L4]]
 
|Cortex-M4
 
|Cortex-M4
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L4_Lock.jlink|STM32L4_Lock.jlink]]
 
|[[:Media:STM32L4_Lock.jlink|STM32L4_Lock.jlink]]
|scope="col" style="text-align:center" | [[File:YES.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{YES}}
 
|[[:Media:STM32L4_Unlock.jflash|STM32L4_Unlock.jflash]]
 
|[[:Media:STM32L4_Unlock.jflash|STM32L4_Unlock.jflash]]
|scope="col" style="text-align:center" | [[File:NO.png|20px|link=]]
+
|scope="col" style="text-align:center" | {{NO}}
 
|[[:Media:STM32L4_Lock.jflash|STM32L4_Lock.jflash]]
 
|[[:Media:STM32L4_Lock.jflash|STM32L4_Lock.jflash]]
  +
|-
  +
|[[STM32L5]]
  +
|Cortex-M33
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32L5_Lock.jlink|STM32L5_Lock.jlink]]
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32L5_Unlock.jflash|STM32L5_Unlock.jflash]]
  +
|scope="col" style="text-align:center" | {{NO}}
  +
|[[:Media:STM32L5_Lock.jflash|STM32L5_Lock.jflash]]
  +
|-
  +
|[[STM32U5]]
  +
|Cortex-M33
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32U5_Lock.jlink|STM32U5_Lock.jlink]]
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32U5_Unlock.jflash|STM32U5_Unlock.jflash]]
  +
|scope="col" style="text-align:center" | {{NO}}
  +
|[[:Media:STM32U5_Lock.jflash|STM32U5_Lock.jflash]]
  +
|-
  +
|[[STM32WB]]
  +
|Cortex-M33
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32WB_Lock.jlink|STM32WB_Lock.jlink]]
  +
|scope="col" style="text-align:center" | {{YES}}
  +
|[[:Media:STM32WB_Unlock.jflash|STM32WB_Unlock.jflash]]
  +
|scope="col" style="text-align:center" | {{NO}}
  +
|[[:Media:STM32WB_Lock.jflash|STM32WB_Lock.jflash]]
 
|}
 
|}
  +
{{Note|1=
  +
Some STM32 devices require a power-on reset if the read out protection is set and the debugger is still connected through JTAG/SWD.
  +
}}
   
All command files and J-Flash projects have a specific MCU selected.
+
All command files and J-Flash projects have a specific MCU selected.
 
For the sole purpose of locking the device via J-Link commander changing of the device name is not necessary,
 
For the sole purpose of locking the device via J-Link commander changing of the device name is not necessary,
 
<!-- See http://forum.segger.com/index.php?page=Thread&threadID=4150 -->
 
<!-- See http://forum.segger.com/index.php?page=Thread&threadID=4150 -->
 
'''but it is mandatory to change the device name to the actual device used when using J-Flash or doing any flash programming in J-Link commander.'''
 
'''but it is mandatory to change the device name to the actual device used when using J-Flash or doing any flash programming in J-Link commander.'''
   
Please note that securing a device via J-Link command files is limited in a way that interpretation of return values,
+
Please note that securing a device via J-Link command files is limited in a way that interpretation of return values,
if / else branches etc. are not available. Therefore, production programming and securing of devices can only be done with
+
if / else branches etc. are not available. Therefore, production programming and securing of devices can only be done with
 
J-Flash or the J-Link SDK.
 
J-Flash or the J-Link SDK.
In any case, it is the responsibility of the user to verify that the required read out protection is active before the programming device leaves the production facility.
+
In any case, it is the responsibility of the user to verify that the required read out protection is active before the programming device leaves the production facility.
   
 
<references/>
 
<references/>

Revision as of 10:50, 8 August 2022

The STM32 Series is a popular family of Cortex-M devices by STMicroelectronics. The following article contains information which applies to all members of the product family (e.g. readout protection). Information which is more specific to the respective sub-family(e.g. QSPI programming) is provided in family specific articles.

A list of all ST devices supported by SEGGER can be found here. For further information regarding the STM32 product family, please refer to the website and documentation by STMicroelectronics.

Device specific connect

To provide the best debugging experience for the most common setups, a device specific connect is implemented for the STM32 devices. If for some reason this device specific connect causes issues for a certain setup, users can override the device specific connect.

Debug registers

The STM32 devices come with multiple debug registers (DBG / DBGMCU). Some of these registers are written by J-Link during connect, to provide a good debugging experiance:

  • Enabling watchdog timer freeze on debug halt.
  • Enabling debugging during Sleep, Standby & Stop modes.
Note:
  • The used registers will be reset to their reset value on disconnect.
  • The J-Link expects that these registers are written by J-Link only and not by the target application!

Device security

On connect, the device security is checked. If security is set (and recoverable) the user is asked if they want security to be lifted. If the user agrees, security is lifted by J-Link (if possible).

Note:
  • The device is briefly halted while checking security. This is done because in some cases, device security might be detected wrongly while the device is running.
  • In most cases, unsecuring the device causes a mass erase of the flash.
  • It is possible to save the selection of the unlock dialog. To reset this, please refer to: Reset unlock message box.

MCU Security

Allow opt bytes device selection

The "allow opt. bytes" device selection is only available for STM32F1 series devices. For later devices, memory mapped programming of the option bytes is not feasible as for some series, the option bytes become valid immediately which would cause immediate connection loss to a device (in case readout protection is enabled) before the option byte programming can be verified.

The STM32 series devices provide option bytes which allow "permanent" configuration as well as readout protection for the device. In order to enable or disable readout protection, a sequence of multiple read / write accesses to special function registers of the STM32 MCU has to be performed. The sequence is different for each sub-family of the STM32 device series and is described in the respective reference manual of the device. A list of example J-Link commander files and J-Flash projects which enable or disable the readout protection of an STM32 device is provided below. Please note that the provided files serves as an example / proof of concept. A user may alter them in order to suit their specific use case, e.g. using smaller timeouts, programming other values, etc.

Note:
A power-on reset is required when securing the device while a debug probe is connected.

Disabling readout protection

J-Link Commander and J-Flash

J-Link Commander and J-Flash automatically detect secured STM32 devices and ask the user if it should be unlocked. Further information regarding this can be found here: Secured_ST_device_detected

Flasher standalone mode

In order to unlock a STM32 device in stand-alone mode, the unlock sequence needs to be configured in the init steps of the J-Flash project (see examples in the table below).

Restoring factory defaults

The standalone software tool STM32 Unlock can be used to reset the Option Bytes of a STM32 device to factory default settings. STM32 Unlock is part of the J-Link software & documentation pack.

Enabling readout protection

All provided J-Link Commander command files and J-Flash projects set the read out protection to level 1 (ROP == Level 1). In order to set ROP Level 2, the value "0xBB" needs to be changed to "0xCC" where indicated in the command file / Exit steps of the J-Flash project. Please note that ROP Level 2 is permanent and can neither be reverted by SEGGER nor by ST.

Device Table

STM32 series overview
Sub-Family Core J-Link Commander and J-Flash:
native Unlock support
J-Link Commander:
Lock via command file
STM32 Unlock tool support J-Flash:
Unlock project
J-Flash[1]:
native lock support
J-Flash:
Lock project
STM32F0 Cortex-M0 YES.png STM32F0_Lock.jlink YES.png STM32F0_Unlock.jflash YES.png STM32F0_Lock.jflash
STM32F1 Cortex-M3 YES.png STM32F1_Lock.jlink YES.png STM32F1_Unlock.jflash YES.png STM32F1_Lock.jflash
STM32F2 Cortex-M3 YES.png STM32F2_Lock.jlink YES.png STM32F2_Unlock.jflash YES.png STM32F2_Lock.jflash
STM32F3 Cortex-M4 YES.png STM32F3_Lock.jlink YES.png STM32F3_Unlock.jflash YES.png STM32F3_Lock.jflash
STM32F4 Cortex-M4 YES.png STM32F4_Lock.jlink YES.png STM32F4_Unlock.jflash YES.png STM32F4_Lock.jflash
STM32F7 Cortex-M7 YES.png STM32F7_Lock.jlink YES.png STM32F7_Unlock.jflash YES.png STM32F7_Lock.jflash
STM32G0 Cortex-M0+ YES.png STM32G0_Lock.jlink YES.png STM32G0_Unlock.jflash NO.png STM32G0_Lock.jflash
STM32G4 Cortex-M4 YES.png STM32G4_Lock.jlink YES.png STM32G4_Unlock.jflash NO.png STM32G4_Lock.jflash
STM32H7 Cortex-M7 YES.png STM32H7_Lock.jlink YES.png STM32H7_Unlock.jflash NO.png STM32H7_Lock.jflash
STM32L0 Cortex-M0 YES.png STM32L0_Lock.jlink YES.png STM32L0_Unlock.jflash YES.png STM32L0_Lock.jflash
STM32L1 Cortex-M3 YES.png STM32L1_Lock.jlink YES.png STM32L1_Unlock.jflash YES.png STM32L1_Lock.jflash
STM32L4 Cortex-M4 YES.png STM32L4_Lock.jlink YES.png STM32L4_Unlock.jflash NO.png STM32L4_Lock.jflash
STM32L5 Cortex-M33 YES.png STM32L5_Lock.jlink YES.png STM32L5_Unlock.jflash NO.png STM32L5_Lock.jflash
STM32U5 Cortex-M33 YES.png STM32U5_Lock.jlink YES.png STM32U5_Unlock.jflash NO.png STM32U5_Lock.jflash
STM32WB Cortex-M33 YES.png STM32WB_Lock.jlink YES.png STM32WB_Unlock.jflash NO.png STM32WB_Lock.jflash
Note:
Some STM32 devices require a power-on reset if the read out protection is set and the debugger is still connected through JTAG/SWD.

All command files and J-Flash projects have a specific MCU selected. For the sole purpose of locking the device via J-Link commander changing of the device name is not necessary, but it is mandatory to change the device name to the actual device used when using J-Flash or doing any flash programming in J-Link commander.

Please note that securing a device via J-Link command files is limited in a way that interpretation of return values, if / else branches etc. are not available. Therefore, production programming and securing of devices can only be done with J-Flash or the J-Link SDK. In any case, it is the responsibility of the user to verify that the required read out protection is active before the programming device leaves the production facility.

  1. For further information regarding native support in J-Flash and why native support is no longer implemented for new devices, please refer to this article: MCU_Security_Options