4. Boot modes
At startup, a BOOT0 pin, NBOOT0, and NSBOOTADDx[24:0]/SECBOOTADD0[24:0] option bytes are used to select the boot memory address that includes:
- • Boot from any address in user flash memory
- • Boot from system memory (bootloader)
- • Boot from any address in the embedded SRAM
- • Boot from root security service (RSS)
The BOOT0 value may come from the PH3-BOOT0 pin or from an option bit depending on the value of a user option bit to free the GPIO pad if needed.
The bootloader, located in the system memory, is used to reprogram the flash memory by using USART, I2C, SPI, FDCAN, or USB/OTG_FS/OTG_HS in device mode through the DFU (device firmware upgrade).
Table 25 and Table 26 detail the boot modes when TrustZone is disabled or enabled.
Table 25. Boot modes when TrustZone is disabled (TZEN = 0)
| NBOOT0 FLASH_ OPTR[27] | BOOT0 pin PH3 | NSWBOOT0 FLASH_ OPTR[26] | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|---|
| - | 0 | 1 | NSBOOTADD0[24:0] | Boot address defined by user option bytes NSBOOTADD0[24:0] | Flash memory: 0x0800 0000 |
| - | 1 | 1 | NSBOOTADD1[24:0] | Boot address defined by user option bytes NSBOOTADD1[24:0] | Bootloader: 0x0BF9 0000 |
| 1 | - | 0 | NSBOOTADD0[24:0] | Boot address defined by user option bytes NSBOOTADD0[24:0] | Flash memory: 0x0800 0000 |
| 0 | - | 0 | NSBOOTADD1[24:0] | Boot address defined by user option bytes NSBOOTADD1[24:0] | Bootloader: 0x0BF9 0000 |
When TrustZone is enabled by setting the TZEN option bit, the boot space must be in the secure area. The SECBOOTADD0[24:0] option bytes are used to select the boot secure memory address.
A unique boot entry option can be selected by setting the BOOT_LOCK option bit. All other boot options are ignored.
Table 26. Boot modes when TrustZone is enabled (TZEN = 1)
| BOOT_LOCK | NBOOT0 FLASH_OPTR[27] | BOOT0 pin PH3 | NSWBOOT0 FLASH_OPTR[26] | RSS command | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|---|---|---|
| 0 | - | 0 | 1 | 0 | SECBOOTADD0 [24:0] | Secure boot address defined by user option bytes SECBOOTADD0[24:0] | Flash memory: 0x0C00 0000 |
| - | 1 | 1 | 0 | N/A | RSS | RSS: 0x0FF8 0000 | |
| 1 | - | 0 | 0 | SECBOOTADD0 [24:0] | Secure boot address defined by user option bytes SECBOOTADD0[24:0] | Flash memory: 0x0C00 0000 | |
| 0 | - | 0 | 0 | N/A | RSS | RSS: 0x0FF8 0000 | |
| - | - | - | ≠ 0 | N/A | RSS | RSS: 0x0FF8 0000 | |
| 1 | - | - | - | - | SECBOOTADD0 [24:0] | Secure boot address defined by user option bytes SECBOOTADD0[24:0] | Flash memory: 0x0C00 0000 |
The boot address option bytes are used to program any boot memory address. However, the allowed address space depends on flash memory read protection RDP level.
If the programmed boot memory address is out of the allowed memory mapped area when RDP level is 0.5 or more, the default boot fetch address is forced either in the secure flash memory or the nonsecure flash memory depending on the TrustZone security option as described in the table below.
Table 27. Boot space versus RDP protection
| RDP | TZEN = 1 | TZEN = 0 |
|---|---|---|
| 0 | Any boot address | Any boot address |
| 0.5 | N/A | |
| 1 | Boot address only in RSS: 0x0FF80000 or in secure flash memory: | Any boot address |
| 2 |
| Boot address only in flash memory:
|
The BOOT0 value (either coming from the pin or the option bit) is latched upon reset release. It is up to the user to set nBOOT0 or BOOT0 values to select the required boot mode.
The BOOT0 pin or user option bit (depending on NSWBOOT0 in FLASH_OPTR) is also resampled when exiting Standby mode. Consequently, the BOOT0 pin or user option bit must be kept in the required boot mode configuration in Standby mode. After the startup delay, the selection of the boot area is done before releasing the processor reset.
PH3/BOOT0 GPIO is configured as follows:
- • in input mode during the complete reset phase, if NSWBOOT0 is set in FLASH_OPTR, and then switches automatically in analog mode after reset is released (BOOT0 pin)
- • in input mode from the reset phase to the completion of the option byte loading, if NSWBOOT0 is cleared in FLASH_OPTR (BOOT0 value coming from the option bit), and then switches automatically to the analog mode even if the reset phase is not complete
Embedded bootloader
The embedded bootloader is located in the system memory, programmed by ST during production. Refer to the application note STM32 microcontroller system memory boot mode (AN2606).
Embedded root security services (RSS)
The embedded RSS are located in the secure information block, programmed by ST during production. Refer to the application note STM32 MCUs secure firmware install (SFI) overview (AN4992).