7. Embedded flash memory (FLASH)

7.1 FLASH introduction

The flash memory interface manages accesses to the flash memory, maximizing throughput to the CPU, instruction cache and DMAs. It implements the flash memory erase and program operations as well as the read and write protection mechanisms. It also implements the security and privilege access control features. It is optimized in terms of power consumption with dedicated modes when the MCU is in low-power modes.

7.2 FLASH main features

• • Up to 4 Mbytes of flash memory supporting read-while-write capability (RWW).
• • Memory organization
  • – Dual bank architecture (bank 1 and bank 2)
  • – Main memory: up to 2 Mbytes per bank
  • – Information block: 64.5 Kbytes in bank 1
• • 128-bit wide data read with prefetch
• • Standard and burst programming modes
• • Read, program and erase operations in all voltage ranges
• • 10 kcycles endurance on all flash memory. 100 kcycles on up to 256 Kbytes per bank
• • Page erase, bank erase and mass erase (both banks)
• • Bank swapping: the user flash memory address mapping of each bank can be swapped.
• • Product security activated by TrustZone option bit (TZEN)
• • Device life cycle managed by readout protection option byte (RDP)
• • Four write protection areas (two per bank)
• • TrustZone support:
  • – Two secure areas (1 per bank)
  • – Two secure HDP (hide protection) areas part of the secure areas (one per bank)
• • Configurable protection against unprivileged accesses with flash page granularity
• • Error code correction: 9-bit ECC per 128-bit quad-word allowing two bits error detection and one bit error correction
• • Option-byte loader
• • Advanced low-power modes (low-power read mode, bank power-down mode)

7.3 FLASH functional description

7.3.1 Flash memory organization

The flash memory has the following main features:

• • Capacity up to 4 Mbytes
• • Dual-bank mode:
  • – up to 2 Mbytes per bank for main memory
  • – 8 Kbytes page size
  • – 137 bits wide data read and write (128 effective bits plus 9 ECC bits)
  • – Page, bank and mass erase
  • – Support read-while-write feature
  • – Support bank shutdown feature for power consumption saving

The flash memory is organized as follows:

• • Main memory block organized as two banks of up to 2 Mbytes each containing up to 256 pages of 8 Kbytes
• • An information block containing:
  • – 32 Kbytes for system memory. This area is immutable and reserved for use by STMicroelectronics. It contains the bootloader that is used to reprogram the flash memory through one of the user communication interfaces such as USB (DFU). The system memory is programmed by STMicroelectronics when the device is manufactured. For further details, refer to the application note STM32 microcontroller system memory boot mode (AN2606).
  • – 32 Kbytes immutable secure area containing the root security services (RSS and RSS library) developed by STMicroelectronics
  • – 512 bytes OTP (one-time programmable) bytes for user data (32 quad-words). The OTP data cannot be erased and can be written only once.
  • – option bytes for user configuration. Unlike user flash memory and system memory, it is not mapped to any memory address and can be accessed only through the flash register interface.

The memory organization is based on a main area and an information block as shown in the tables below.

Table 51. Flash module 512-Kbyte dual-bank organization for STM32U535/545 ⁽¹⁾

1. 1. When DUALBANK = 1 in option bytes, the bank 2 base address is 0x0802 0000 for 256-Kbyte, and 0x0801 0000 for 128-Kbyte dual-bank STM32U535/545 devices.

Table 52. Flash module 2-Mbyte dual-bank organization for STM32U575/585 ⁽¹⁾

1. 1. When DUALBANK = 1 in option bytes, the bank 2 base address is 0x0808 0000 for 1-Mbyte dual-bank STM32U575/585 devices.

Table 53. Flash module 4-Mbyte dual-bank organization for STM32U59x/5Ax/5Fx/5Gx ⁽¹⁾

1. 1. When DUALBANK = 1 in option bytes, the bank 2 base address is 0x0810 0000 for 2-Mbyte dual-bank STM32U59x/5Ax/5Fx/5Gx devices.

Note: The secure information block is only accessible when TrustZone is active.

7.3.2 Error code correction (ECC)

Data in flash memory are 137-bit words: Nine bits are added per quad-word (128 bits). The ECC mechanism supports:

• • one error detection and correction
• • two errors detection

When one error is detected and corrected, the ECCC flag (ECC correction) is set in FLASH_ECCR. If the ECCCIE bit is set, an interrupt is generated.

When two errors are detected, the ECCD flag (ECC detection) is set in FLASH_ECCR. In this case, an NMI is generated.

When an ECC error is detected, the address of the failing quad-word and its associated bank are saved in ADDR_ECC[19:0] and BK_ECC in FLASH_ECCR. ADDR_ECC[3:0] are always cleared.

When ECCC or ECCD is set, ADDR_ECC and BK_ECC are not updated if a new ECC error occurs. FLASH_ECCR is updated only when ECC flags are cleared.

Caution: When the ECCC flag is set, a further two-errors detection is not able to generate the NMI or break signal to timers. It is therefore recommended to clear the ECCC flag as soon as a correction is operated, to preserve the ECC error detection capability. In case of a double

ECC error detection (ECCD flag set and NMI triggered), the software must clean the cache in the NMI handler. Refer to STM32U5 Series safety manual (UM2875) for the full description of the implications on safety standards compliance.

Note: For an erased flash line, one error is detected and corrected but two errors detection is not supported. When an ECC error is reported, a new read at the failing address may not generate an ECC error if the data is still present in the current buffer, even if ECCC and ECCD are cleared.

The following addresses in the system flash memory are used to store words including ECC errors to allow run-time tests by software on ECC correction detection capability:

• • 0x0BFA1F00 (embeds a word with 1-bit error)
• • 0x0BFA1F80 (embeds a word with 2-bit error)

In case the second address is read, for instance by the debugger memory viewer, an NMI is generated.

7.3.3 Read access latency

To correctly read data from flash memory, the number of wait states (latency) must be correctly programmed in FLASH_ACR according to the frequency of the CPU clock (HCLK), and the internal voltage range of the device V _CORE . Refer to Section 10.5.4: Dynamic voltage scaling management .

The table below shows the correspondence between wait states and CPU clock frequency.

Table 54. Number of wait states according to CPU clock (HCLK) frequency (LPM = 0)

The flash memory supports a low-power read mode when setting LPM in FLASH_ACR. The table below shows the correspondence between wait states and CPU clock frequency when LPM bit is set.

Table 55. Number of wait states according to CPU clock (HCLK) frequency (LPM = 1)

After reset, the CPU clock frequency is 4 MHz, 0 wait state (WS) is configured in FLASH_ACR and the normal read mode is selected (LPM = 0).

Instruction prefetch

The Cortex-M33 fetches instructions and literal pools (constants/data) over the C-Bus and through the instruction cache if it is enabled. The prefetch block aims at increasing the efficiency of C-Bus accesses in case the instruction cache is enabled by reducing the cache refill latency. Prefetch is efficient in case of sequential code; prefetch in the flash memory allows the next sequential instruction line to be read from the flash memory while the current instruction line is being filled in instruction cache and executed by the CPU.

Prefetch is enabled by setting PRFTEN in FLASH_ACR. PRFTEN must be set only if at least one wait state is needed to access the flash memory.

Note: Prefetch tends to increase the code execution performance at the cost extra flash memory accesses. It must be used carefully in low-power applications.

When changing the CPU frequency, the software sequences detailed below must be applied in order to tune the number of wait states needed to access the flash memory.

Increase the CPU frequency

1. 1. Program the new number of wait states to LATENCY bits in FLASH_ACR.
2. 2. Check that the new number of wait states is taken into account to access the flash memory by reading back FLASH_ACR.
3. 3. Modify the CPU clock source by writing W bits in RCC_CFGR1.
4. 4. Modify the CPU clock prescaler, if needed, by writing HPRE bits in RCC_CFGR2.
5. 5. Check that the new CPU clock source or/and the new CPU clock prescaler value is/are taken into account by reading the clock source status (SWS bits) or/and the AHB prescaler value (HPRE bits), respectively, in RCC_CFGR1 and RCC_CFGR2.

Decrease the CPU frequency

1. 1. Modify the CPU clock source by writing SW bits in RCC_CFGR1.
2. 2. Modify the CPU clock prescaler, if needed, by writing HPRE bits in RCC_CFGR2.
3. 3. Check that the new CPU clock source or/and the new CPU clock prescaler value is/are taken into account by reading the clock source status (SWS bits) or/and the AHB prescaler value (HPRE bits), respectively, in RCC_CFGR1 and RCC_CFGR2.
4. 4. Program the new number of wait states to LATENCY bits in FLASH_ACR.
5. 5. Check that the new number of wait states is used to access the flash memory by reading back FLASH_ACR.

The software sequences detailed below must be applied in order to modify the read mode.

From normal read mode to low-power read mode

1. 1. Set LPM in FLASH_ACR.
2. 2. Check that the low-power read mode is activated by reading FLASH_ACR.

From low-power read mode to normal read mode

1. 1. Reset LPM bit in FLASH_ACR.
2. 2. Check that the normal read mode is activated by reading FLASH_ACR.

7.3.4 Bank power-down mode

After reset, both banks are in normal mode. In order to reduce power consumption, each bank can be independently put in power-down mode by setting PDREQx in FLASH_ACR.

Request entry in power-down mode for bank x

• • Check that bank x is not in power-down mode, and that no request to put it in power-down mode is pending (PDx in FLASH_NSSR and PDREQx in FLASH_ACR must be reset).
• • Unlock PDKEYxR with correct keys (see FLASH_PDKEY1R or FLASH_PDKEY2R).
• • Set PDREQx in FLASH_ACR.
• • Check that PDx is set in LFASH_NSSR PDREQx in FLASH_ACR is automatically reset, and the PDKEYxR is locked.

Note: If bank x is currently being accessed, the power-down request is delayed until the access is completed.

Requesting power-down entry for a bank already in power-down mode has no effect. PDREQx in FLASH_ACR is automatically reset, and the PDKEYxR is locked.

Return to normal mode

Any access to a bank in power-down mode automatically wakes up the bank. A penalty of 5 µs minimum is taken to wake up the bank.

Waking up bank 1 (respectively bank 2) is done in one of the following cases:

• • upon a valid read access to bank 1 (resp. bank 2)
• • upon a valid write access to bank 1 (resp. bank 2)
• • upon a valid bank erase on bank 1 (resp. bank 2)

Waking up both bank 1 and bank 2 is done in one of the following cases:

• • upon a valid mass erase
• • upon an option byte modification
• • upon an option byte loading
• • upon system reset

Note: The software can reduce the flash bank wake-up time by enabling HSI16 before waking up the bank.

7.3.5 Flash memory program and erase operations

The embedded flash memory can be programmed using in-circuit programming (ICP) or in-application programming (IAP).

The ICP method is used to update the entire contents of the flash memory, using the JTAG, SWD protocol, or the bootloader to load the user application into the microcontroller. The ICP offers quick and efficient design iterations, and eliminates unnecessary package handling or socketing of devices.

The IAP can use any communication interface supported by the microcontroller (such as I/Os, USB, CAN, UART, I2C, or SPI) to download programming data into the memory. The IAP allows the user to reprogram the flash memory while the application is running. Part of the application must have been previously programmed in the flash memory using ICP.

An ongoing flash memory operation does not block the CPU as long as the CPU does not access the same flash memory bank. Code or data fetches are possible on one bank while a write/erase operation is performed to the other bank (refer to Section 7.3.10 ).

On the contrary, during a program/erase operation to the flash memory, any attempt to read the same flash memory bank stalls the bus. The read operation proceeds correctly once the program/erase operation has been completed.

The MCU supports TrustZone that defines secure and nonsecure areas in the flash memory. All program and erase operations can be performed in secure mode through the secure registers or in nonsecure mode through the nonsecure registers. For more information, refer to Section 7.5 .

Unlock the secure/nonsecure FLASH control registers

After reset, write is not allowed in FLASH_SECCR and FLASH_NSCR in order to protect the flash memory against possible unwanted operations (due, for example, to electric disturbances).

The following sequence is used to unlock these registers:

1. 1. Write KEY1 = 0x45670123 in FLASH_SECKEYR or FLASH_NSKEYR.
2. 2. Write KEY2 = 0xCDEF89AB in FLASH_SECKEYR or FLASH_NSKEYR).

Any wrong sequence locks up FLASH_SECCR or FLASH_NSCR until the next system reset. In the case of a wrong key sequence, a bus error is detected and a HardFault interrupt is generated.

FLASH_NSCR (resp. FLASH_SECCR) can be locked again by software by setting LOCK in FLASH_NSCR (resp. FLASH_SECCR).

Note: FLASH_NSCR and FLASH_SECCR cannot be written when the BSY bits are set. Any attempt to write them with BSY bits set, causes the AHB bus to stall until the BSY bits are cleared.

Wait for data-to-write flags (WDW)

The WDW flags in FLASH_NSSR and FLASH_SECSR are both set when a secure or nonsecure write access has been done in the write buffer. They are cleared when BSY flags are set (meaning that the write buffer is freed and the programming operation actually starts in the flash memory) or in case of error.

The software must ensure that the four words in the same quad-word are all written.

Flash secure and nonsecure busy flags

BSY flags in FLASH_NSSR and FLASH_SECSR are both set when a secure or nonsecure flash operation is started:

• • Erase operation: setting STRT in FLASH_NSCR or FLASH_SECCR.
• • Write operation: setting PG in FLASH_NSCR or FLASH_SECCR, and writing a quad-word in the flash memory.
• • Option-byte programming: setting OPTSTRT in FLASH_NSCR.

7.3.6 Flash main memory erase sequences

The flash memory erase operation can be performed at page level, bank level or on the whole flash memory (mass erase). Mass erase does not affect the information block (system flash, OTP and option bytes). The erase operation is either secure or nonsecure.

Page erase

To erase a page, follow the procedure below:

1. 1. Check that no flash memory operation is ongoing by checking BSY in FLASH_NSSR or FLASH_SECSR.
2. 2. Check and clear all error programming flags due to a previous programming. If not, PGSERR is set.
3. 3. Set PER bit and select the page to erase (PNB) with the associated bank (BKER) in FLASH_NSCR or FLASH_SECCR.
4. 4. Set STRT in FLASH_NSCR or FLASH_SECCR.
5. 5. Wait for BSY to be cleared in FLASH_NSSR or FLASH_SECSR.

Bank 1 or bank 2 mass erase

To perform a bank mass erase, follow the procedure below:

1. 1. Check that no flash memory operation is ongoing by checking BSY in FLASH_NSSR or FLASH_SECSR.
2. 2. Check and clear all error programming flags due to a previous programming. If not, PGSERR is set.
3. 3. Set the MER1 or MER2 bit (depending on the bank) in FLASH_NSCR or FLASH_SECCR. Both banks can be selected in the same operation, in that case it corresponds to a mass erase.
4. 4. Set STRT in FLASH_NSCR or FLASH_SECCR.
5. 5. Wait for BSY bit to be cleared in FLASH_NSSR or FLASH_SECSR.

1. 6. The MER1 or MER2 bits can be cleared if no more bank erase is requested.

Mass erase

To perform a mass erase, follow the procedure below:

1. 1. Check that no flash memory operation is ongoing by checking BSY in FLASH_NSSR or FLASH_SECSR.
2. 2. Check and clear all nonsecure error programming flags due to a previous programming. If not, the PGSERR bit is set.
3. 3. Set MER1 bit and MER2 bits in FLASH_NSCR or FLASH_SECCR.
4. 4. Set STRT in FLASH_NSCR or FLASH_SECCR.
5. 5. Wait for BSY bit to be cleared in FLASH_NSSR or FLASH_SECSR.
6. 6. The MER1 and MER2 bit can be cleared if no more mass erase is requested.

Note: The internal oscillator HSI16 (16 MHz) is enabled automatically when the STRT bit is set, and disabled automatically when the STRT bit is cleared, except if the HSI16 is previously enabled with HSION in RCC_CR.

To erase a page, a bank or to perform a mass erase, the software must have sufficient privilege (see Table 73 and Table 74).

7.3.7 Flash main memory programming sequences

The flash memory is programmed 137 bits at a time (128-bit data + 9 bits ECC).

Programming in a previously programmed address is not allowed except if the data to write is full zero, and any attempt sets PROGERR flag in FLASH_NSSR or FLASH_SECSR.

It is only possible to program quad-word (4 x 32-bit data).

• • Any attempt to write byte or half-word sets SIZERR flag in FLASH_NSSR or FLASH_SECSR.
• • Any attempt to write a quad-word that is not aligned with a quad-word address sets PGAERR flag in FLASH_NSSR or FLASH_SECSR.

Flash programming

The flash memory programming sequence is as follows:

1. 1. Check that no flash main memory operation is ongoing by checking BSY in FLASH_NSSR or FLASH_SECSR.
2. 2. Check that the write buffer is empty by checking WDW in FLASH_NSSR or FLASH_SECSR.
3. 3. Check and clear all error programming flags due to a previous programming. If not, PGSERR is set.
4. 4. Set PG bit in FLASH_NSCR or FLASH_SECCR.
5. 5. Perform the data write operation at the desired flash memory address, or in the OTP area. Only a quad-word can be programmed and OTP can be only programmed in nonsecure access:
   • – Write a first word in an address aligned on a quad-word address. WDW bits in FLASH_NSSR and FLASH_SECSR are set to indicate that more data can be written in the write buffer.
   • – Write the second, third and fourth word in the same quad-word.

1. 6. The BSY bit gets set. WDW is reset automatically.
2. 7. Wait until BSY is cleared in FLASH_NSSR or FLASH_SECSR. The software must make sure that BSY is set or WDW is cleared before waiting for BSY to get cleared.
3. 8. If the EOP flag is set in FLASH_NSSR or FLASH_SECSR (meaning that the programming operation has succeeded and the EOPIE bit is set), it must be cleared by software.
4. 9. Clear PG in FLASH_NSCR or FLASH_SECCR if there is no more programming request.

Note: When the flash memory interface received a good sequence (a quad-word), programming is automatically launched and BSY bits are set. The internal oscillator HSI16 (16 MHz) is enabled automatically when PG bit is set, and disabled automatically when PG bit is cleared, except if the HSI16 is previously enabled with HSION in RCC_CR.

No option bytes modification nor erase request is allowed when WDW bit is set.

Programming is possible only if the privileged and security attributes are respected (refer to Section 7.7).

If the user needs to program only one word, the quad-word must be completed with the erase value 0xFFFF FFFF to launch automatically the programming.

ECC is calculated from the quad-word to program.

Flash burst programming (8 quad-words)

The flash memory burst programming sequence is as follows:

1. 1. Check that no flash main memory operation is ongoing by checking BSY bit in FLASH_NSSR or FLASH_SECSR.
2. 2. Check that the write buffer is empty by checking WDW in FLASH_NSSR or FLASH_SECSR.
3. 3. Check and clear all error programming flags due to a previous programming. If not, PGSERR is set.
4. 4. Set BWR and PG bits in FLASH_NSCR or FLASH_SECCR.
5. 5. Perform the data write operation at the desired flash memory address, or in the OTP area. Only 8 quad-words can be programmed:
   • – Write a first 32-bit word in an address aligned on a 8 * quad-word address (multiple of 0x80). WDW bits in FLASH_NSSR and FLASH_SECSR are set to indicate that more data can be written in the write buffer.
   • – Write the 31 other 32-bit words consecutively.
6. 6. The BSY bit gets set. WDW is reset automatically.
7. 7. Wait until BSY is cleared in FLASH_NSSR or FLASH_SECSR). The software must make sure that BSY is set or WDW is cleared before waiting for BSY to get cleared.
8. 8. If EOP flag is set in FLASH_NSSR or FLASH_SECSR (meaning that the programming operation has succeeded and EOPIE is set), it has to be cleared by software.
9. 9. Clear BWR and PG bits in FLASH_NSCR or FLASH_SECCR if there is no more programming request.

Note: When the flash memory interface received a good sequence, programming is automatically launched and the BSY bits are set. The internal oscillator HSI16 (16 MHz) is enabled

automatically when PG bit is set, and disabled automatically when PG bit is cleared, except if the HSI16 is previously enabled with HSION in RCC_CR register.

No option bytes modification nor erase request is allowed when WDW bit is set.

Programming is possible only if the privileged and security attributes are respected (see Section 7.7).

7.3.8 Flash memory endurance

Each flash memory page can be written and erased 10 000 or 100 000 times. A maximum of 32 pages (256 Kbytes) per bank feature this increased endurance of 100 kcycles. This enhanced endurance can be used for data storage that usually needs more intensive cycling capability than code storage.

Any flash page can be chosen to be cycled up to 100 kcycles. As soon as a page is above 10 kcycles, it is considered as high cycling page (even if not yet at 100 kcycles). The application must take care not to exceed 32 pages cycled more than 10 000 times.

For STM32U535/545, as it fits a maximum of 32 pages (256 Kbytes) per bank, the entire flash memory is 100-kcycle capable.

7.3.9 Flash memory errors flags

Flash programming errors

Several kind of errors can be detected during secure and nonsecure operations. In case of error, the flash memory operation (programming or erasing) is aborted.

The secure errors flags are only set during a secure operation and nonsecure flags are only set during a nonsecure operation.

• • PROGERR: secure/nonsecure programming error

It is set when the word to program is pointing to an address:

• – not previously erased
• – already fully programmed to 0
• – already partially programmed (contains 0 and 1) and the new value to program is not full zero
• – for OTP programming, when the address is already partially programmed (contains 0 and 1)

• • SIZER: secure/nonsecure size programming error

Only 32-bit data can be written. SIZER flag is set if a byte or a half-word is written.

• • PGAERR: secure/nonsecure alignment programming error

It is set when the first word to be programmed is not aligned with a quad-word address, or the second, third or forth word does not belong to the same quad-word address.

For burst programming, it is set when the first word to be programmed is not aligned on a 8 *quad-word address or if the following word writes are not done at consecutive 32-bit addresses.

• • PGSERR: programming sequence error

PGSERR is set if one of the following conditions occurs during a erase or program operation:

• – A data is written when PG is cleared.

• – A program operation is requested during erase: PG is set while MER1, MER2, or PER is set.
• – In the erase sequence, PG is set while STRT is already set.
• – In the erase sequence, if STRT is set while MER1, MER2, and PER are cleared.
• – If page and mass erase are requested at the same time, STRT and PER are set while MER1 or MER2 is set.
• – If an operation is started while the write buffer is waiting for the next data, STRT or OPTSTRT is set while WDW is already set.
• – If STRT and OPTSTRT are set at the same time.
• – A nonsecure PGSERR is set if the nonsecure STRT bit is set by a secure access.
• – A secure PGSERR is set if PROGERR, SIZERR, PGAERR, WRPER, R or PGSERR is already set due to a previous programming error.
• – A nonsecure PGSERR is set if PROGERR, SIZERR, PGAERR, WRPERR, PGSERR, or OPTWERR is already set due to a previous programming error.

• • WRPERR: write protection error

• – Refer to Table 68 to Table 71 for all the conditions of WRPERR flag setting.

• • OPTWERR: option bytes write error

OPTWERR is set if when user option bytes are modified with an invalid configuration. It is set when attempting:

• – to program an invalid secure watermark-based area. Refer to Table 59
• – to set or clear the TZEN option bit when RDP is not at correct level (refer to Rules for modifying specific option bytes )
• – to clear the BOOT_LOCK option bit when RDP is not at correct level (refer to Rules for modifying specific option bytes )
• – to modify SWAP_BANK option bit while BOOT_LOCK and TZEN are set
• – to modify SECBOOTADD0 option bit while BOOT_LOCK is set
• – to modify DUALBANK option bit while BOOT_LOCK and TZEN are set
• – to modify SECWM1Rx (resp. SECWM2Rx) while HDP1_ACCDIS (resp. HDP2_ACCDIS) is set
• – to modify the option bytes, except the SWAP_BANK option bit, when RDP is set to level 2
• – to regress from RDP level 0.5 to RDP level 0
• – to modify OEM1KEYRx while RDP level is 0.5 or 1 and OEM1LOCK bit is set
• – to modify OEM2KEYRx while RDP level is 1 and OEM2LOCK bit is set
• – to regress from RDP level 1 to RDP level 0 while OEM1LOCK bit is set and a wrong OEM1KEY is shifted through JTAG or SWD
• – to regress from RDP level 1 to RDP level 0.5 while OEM2LOCK bit is set and a wrong OEM2KEY is shifted through JTAG or SWD
• – to modify WRPxyR while its UNLOCK bit is cleared
• – to set the UNLOCK bit in the WRPxyR when RDP is not at correct level (refer to Rules for modifying specific option bytes )

If an error occurs during a secure or nonsecure program or erase operation, one of the following programming error flags is set:

• • nonsecure programming error flags: PROGERR, SIZERR, PGAERR, PGSERR, OPTWRERR, or WRPERR is set in FLASH_NSSR.
  If ERRIE is set in FLASH_NSCR, an interrupt is generated and the operation error flag OPERR is set in the FLASH_NSSR register.
• • Secure programming error flags: PROGERR, SIZERR, PGAERR, PGSERR, or WRPERR is set in FLASH_SECSR.
  If ERRIE is set in FLASH_SECCR, an interrupt is generated and the operation error flag OPERR is set in FLASH_SECSR.

Note: If several successive errors are detected (for example, in case of DMA transfer to the flash memory), the error flags cannot be cleared until the end of the successive write requests. Any programming error flushes the write buffer.

7.3.10 Read-while-write (RWW)

The flash memory is divided into two banks allowing read-while-write operations. This feature allows a read operation to be performed from one bank while erase or program operation is performed to the other bank.

Note: Write-while-write operations are not allowed. As an example, It is not possible to perform an erase operation on one bank while programming the other one.

Read from bank 1 while page erasing in bank 2 (or vice versa)

While executing a program code from bank 1, it is possible to perform a page erase operation on bank 2 (and vice versa).

Read from bank 1 while mass erasing bank 2 (or vice versa)

While executing a program code from bank 1, it is possible to perform a mass erase operation on bank 2 (and vice versa).

Read from bank 1 while programming bank 2 (or vice versa)

While executing a program code from bank 1, it is possible to perform a program operation on the bank 2 (and vice versa).

Note: Due to the Cortex-M33 unified C-Bus, the user software must ensure to not stall C-Bus with multiple consecutive writes. It is recommended to wait for the BSY flag to be cleared before programming the next quad-word.

7.3.11 Power-down during FLASH programming or erase operation

The contents of the flash memory currently being accessed are not guaranteed if a power-down occurs during a flash memory program or erase operation.

7.3.12 Reset during FLASH programming or erase operation

The contents of the flash memory currently being accessed are not guaranteed if a reset occurs during a flash memory program or erase operation. The status of the flash memory can be recovered from FLASH_OPSR when a system reset occurs during a flash memory program or erase operation.

The software must check the status of the flash memory and take corrective actions. This must be done after each system reset before any other programming or erase operation is performed.

The table below describes the corrective action to be taken according to the status provided by CODE_OP field in FLASH_OPSR.

Table 56. Flash operation interrupted by a system reset

Note: For single and burst write, it is mandatory to perform a page erase because the current flash memory locations may no longer be writable. Consequently, the remaining page content must be saved before page erase and restored afterwards.

For OTP write, it is not possible to perform a page erase. The OTP quad-word is lost.

For burst write, ADDR_OP gives the first address of burst. User must restart the same burst operation.

For page erase, ADDR_OP gives the first address of erased page.

7.4 FLASH option bytes

7.4.1 Option bytes description

The option bytes are configured by the end user depending on the application requirements. As a configuration example, the watchdog may be selected in hardware or software mode (refer to Section 7.4.2 ). The user option bytes are accessible through the flash memory registers.

Table 57 describes the organization of all user option bytes available in flash memory registers.

Table 57. User option-byte organization mapping

7.4.2 Option-byte programming

After reset, the following option registers (FLASH_OPTR, FLASH_NSBOOTADD0R, FLASH_NSBOOTADD1R, FLASH_SECBOOTADD0R, FLASH_SECWM1R1, FLASH_SECWM1R2, FLASH_WRP1AR, FLASH_WRP1BR, FLASH_SECWM2R1, FLASH_SECWM2R2, FLASH_WRP2AR, FLASH_WRP2BR), as well as the OPT_STRT and OBL_LAUNCH bits in FLASH_NSCR are write protected. To run any option-byte operation, OPTLOCK must be cleared in FLASH_NSCR.

The following sequence is used to unlock this register:

1. 1. Unlock FLASH_NSCR register with the LOCK clearing sequence (refer to Unlock the secure/nonsecure FLASH control registers ).
2. 2. Write OPTKEY1 = 0x08192A3B in FLASH_OPTKEYR.
3. 3. Write OPTKEY2 = 0x4C5D6E7F in FLASH_OPTKEYR.

The user options can be protected against unwanted erase/program operations by setting OPTLOCK bit by software.

Note: If LOCK in FLASH_NSCR is set by software, OPTLOCK is automatically set too.

Option-byte modification sequence

To modify the user option value, follow the procedure below:

1. 1. Check that no flash memory operation is on going by checking BSY in FLASH_NSSR.
2. 2. Clear OPTLOCK with the clearing sequence described above.
3. 3. Write the desired options value in options registers.
4. 4. Set OPTSTRT in FLASH_NSCR.
5. 5. Wait for BSY bit to be cleared.
6. 6. Set OBL_LAUNCH option bit to start option-byte loading.

Note: If OPTWERR or PGSERR error bit is set, the old option-byte values are kept.

Option-byte loading (OBL)

After BSY is cleared, all new options are updated in the flash memory but they are not applied to the system. They affect the system when they are loaded. The OBL is performed in two cases:

• • when OBL_LAUNCH is set in FLASH_NSCR
• • after a power reset (BOR reset or exit from Standby or Shutdown mode)

On system-reset rising, internal option registers are copied into option registers. These registers are also used to modify the option bytes. If these registers are not modified by the user, they reflect the option states of the system.

Rules for modifying specific option bytes

Some of the option-byte bitfields must respect specific rules before being updated with new values. These option bytes, as well as the associated constraints, are described below:

• • TZEN option bit
  • – TZEN can only be set on RDP level 0.
  • – TZEN deactivation is only possible when RDP is changing from level 1 to level 0.

• • BOOT_LOCK option bit
  • – BOOT_LOCK has only effect when TZEN is set.
  • – BOOT_LOCK can be set without any constraint.
  • – BOOT_LOCK deactivation is only possible when RDP is level 0.
• • SWAP_BANK option bit
  • – It cannot be modified when BOOT_LOCK and TZEN option bits are set.
• • SECBOOTADD0 option bytes
  • – It cannot be modified when BOOT_LOCK option bit is set.
• • DUALBANK option bit
  • – It cannot be modified when BOOT_LOCK and TZEN option bits are set.
• • SECWMxRy option bits
  • – Secure option bits (SECWMx_PSTRT[6:0] and SECWMx_PEND[6:0]), and HDP option bits (HDPx_PEND[6:0] and HDPxEN) area in bank x cannot be modified when HDPx_ACCDIS bit is set.
• • RDP option bits
  • – Refer to Device life cycle managed by readout protection (RDP) transitions .
• • WRPxR option bits
  • – These bits cannot be modified when their UNLOCK bit is cleared.
• • UNLOCK option bits
  • – These bits can be set only when regressing from RDP level 1 to level 0.

If the user options modification tries to set or modify one of the listed option bytes without following their associated rules, the option-byte modification is discarded and OPTWERR error flag is set.

7.5 FLASH TrustZone security and privilege protections

7.5.1 TrustZone security protection

The global TrustZone system security is activated by setting TZEN in FLASH_OPTR.

When TrustZone is active (TZEN = 1), the following additional security features are available:

• • secure watermark-based user option bytes defining secure and HDP areas
• • secure or nonsecure block-based area that can be configured on-the-fly after reset (volatile secure area)
• • an additional RDP protection: RDP level 0.5
• • erase or program operation that can be performed in secure or nonsecure mode with associated configuration bit.

When the TrustZone is disabled (TZEN = 0), the above features are deactivated and all secure registers are RAZ/WI.

Activate TrustZone security

When the TrustZone is activated (TZEN is modified from 0 to 1), the secure watermark-based user options bytes are set to default secure state: all flash memory is secure, and no HDP area, as shown in Table 58 .

Illegal access generation

A nonsecure access to a secure flash memory area is RAZ/WI, and generates an illegal access event. An illegal access interrupt is generated if the FLASHIE illegal access interrupt is enabled in TZIC_IER2.

A nonsecure access to a secure FLASH register generates an illegal access event. An illegal access interrupt is generated if the FLASH_REGIE illegal access interrupt is enabled in TZIC_IER2.

Deactivate TrustZone security

Deactivation of TZEN (from 1 to 0) is only possible when the RDP changes from level 1 to level 0.

When the TrustZone is deactivated (TZEN is modified from 1 to 0) after the OBL, the following security features are deactivated:

• • watermark-based secure area (refer to Section 7.5.2 )
• • block-based secure area (refer to Section 7.5.4 )
• • RDP level 0.5 (refer to Section 7.6.2 )
• • secure interrupts (refer to Section 7.8 )

All secure registers are RAZ/WI.

7.5.2 Watermark-based secure flash memory area protection

When TrustZone security is active (TZEN = 1), a part of the flash memory can be protected against nonsecure read and write accesses. Up to two different non-volatile secure areas can be defined by option bytes, and can be read or written by a secure access only: one area per bank can be selected with a page granularity.

The secure areas are defined by a start-page offset and end-page offset using SECWMx_PSTRT and SECWMx_PEND (x = 1,2 for area 1 and area 2) option bytes. These offsets are defined in FLASH_SECWM1R1 and FLASH_SECWM2R1.

SECWMx_PSTRT and SECWMx_PEND option bytes can only be modified by secure firmware when HDPx_ACCDIS bit is reset. If this bit is set, SECWMx_PSTRT and SECWMx_PEND cannot be modified until next system reset.

Table 59. Secure watermark-based area (continued)

Caution: Switching a flash memory area from secure to no-secure does not erase its content. The user secure software must perform the needed operation to erase the secure area before switching an area to nonsecure attribute whenever is needed. It is also recommended to flush the instruction cache.

7.5.3 Secure hide protection (HDP)

The secure HDP area is part of the flash memory watermark-based secure area. Access to the hide-protection area can be denied by setting HDPx_ACCDIS in FLASH_SECHDPCR.

When HDPx_ACCDIS is set, instruction fetch, data read, write, and erase operations on this HDP area are denied. For example, software code in the secure-flash hide-protected area can be executed only once, and deny any further access to this area until next system reset. HDPx_ACCDIS can be only cleared by a system reset.

Note: The software must take any appropriate action to protect the HDP code before resetting the HDPxEN bit such as erasing the HDP area and flushing the instruction cache.

One non-volatile secure HDP area per bank can be defined with a page granularity.

The secure HDP area is enabled by HDPxEN (x = 1,2 for area 1 and area 2).

When HDPxEN is reset, there is no HDP area. The HDPxEN bit can be set or reset on the fly by the secure firmware if HDPx_ACCDIS bit is reset. If HDPx_ACCDIS is set, HDPxEN and secure watermark configuration cannot be modified until next system reset.

The secure HDP area size is defined by the end-page offset using HDPx_PEND option bytes while the start-page offset is already defined by SECWMx_PSTRT option bytes. These offsets are defined in the secure watermark registers address registers: FLASH_SECWM1R1, FLASH_SECWM1R2, FLASH_SECWM2R1, and FLASH_SECWM2R2.

For example, to protect by HDP from the address 0x0C00 4000 (included) to the address 0x0C00 5FFF (included):

• • If the banks are not swapped, the option bytes registers must be programmed with:
  • – SECWM1_PSTRT = 0x2
  • – HDP1_PEND = 0x3
• • If the two banks are swapped, the protection must apply to bank 2 and the option bytes registers must be programmed with:
  • – SECWM2_PSTRT = 0x2
  • – HDP2_PEND = 0x3

Note: For more details on the bank swapping mechanism, refer to Section 7.5.8.

If an invalid secure HDP area is defined as described in the table below, the OPTWERR flag error is set and option bytes modification is discarded.

Table 60. Secure hide protection

The table below summarizes the possible secure and HPD protection area configurations.

Table 61. Secure and HDP protections

7.5.4 Block-based secure flash memory area protection

Any page can be programmed on-the-fly as secure or nonsecure using the block-based configuration registers. FLASH_SECB1Rx (resp. FLASH_SECB2Rx) are used to configure the security attribute for pages in bank 1 (resp. bank 2).

When the page security attribute, bit i in SECyBBRx, is set, the security attribute is the same as the secure watermark-based area. The secure page is only accessible by a secure access.

If SECyBBi bit is set or reset for a page already included in a secure watermark-based area, the page keeps the watermark-based protection security attributes.

To modify a block-based page security attribution, the following actions are recommended:

• • Check that no flash memory operation is ongoing on the related page.
• • Add an ISB instruction after modifying the page security attribute bit i in SECyBBRx.

Caution: Switching a page or memory block from secure to nonsecure does not erase the content of the associated block. User secure software must perform the following needed operations before switching a block to nonsecure attribute:

• • Erase page content,
• • Invalidate the instruction cache.

Note: For SECyBBRx bit i access control, refer to Table 75 .

7.5.5 Flash security attribute state

The flash memory is secure when at least one secure area is defined either by watermark-based option bytes or block-based security registers.

It is possible to override the flash security state using the INV bit in the FLASH_SECCR register.

The FLASHEN and FLASHSMEN bits security attributes in RCC follow the flash memory security attribute. It is possible to override the flash memory security attribute in RCC using the INV bit in the FLASH_SECCR register. A secure firmware setting this INV bit allows a nonsecure firmware to disable the flash memory clock when the flash memory is in power down or when the MCU enters low-power modes.

Table 62. Flash security state

7.5.6 Block-based privileged flash memory area protection

Any page can be programmed on the fly as privileged or unprivileged using the block-based configuration registers. FLASH_PRIVBB1Rx (resp. FLASH_PRIVBB2Rx) registers are used to configure the privilege attribute for pages in bank 1 (resp. bank 2).

When the page privilege attribute, bit i in PRIVyBBRx, is set, the page is only accessible by a privileged access. An unprivileged page is accessible by a privileged or unprivileged access.

To modify a block-based privilege attribution, the following actions are recommended:

• • Check that no flash operation is ongoing on the related page.
• • Add an ISB instruction after modifying the page security attribute bit i in PRIVyBBRx.

Caution: Switching a page or memory block from privileged to unprivileged does not erase the content of the associated block.

Note: For PRIVyBBRx bit i access control, refer to Table 76 and Table 77 .

7.5.7 Flash memory registers privileged and unprivileged modes

The flash memory registers can be read and written by privileged and unprivileged accesses depending on SPRIV and NSPRIV bits in FLASH_PRIVCFGR, with the following rules:

• • When the SPRIV (resp. NSPRIV) is reset, all secure (resp. nonsecure) flash memory registers can be read and written by both privileged or unprivileged access.
• • When the SPRIV (resp. NSPRIV) is set, all secure (resp. nonsecure) flash memory registers can be read and written by privileged access only. Unprivileged access to a privileged registers is RAZ/WI.

Table 72 summarizes the flash memory registers access control.

7.5.8 Flash memory bank attributes in case of bank swap

The SWAP_BANK option bit modifies the address of each bank in the memory map. When SWAP_BANK is reset, the flash memory bank 1 is at the lower address range. When SWAP_BANK is set, the flash memory bank 1 is at the higher address range.

Flash memory bank attributes follow their bank so there is no need to modify the following registers when swapping banks:

• • FLASH secure watermark y register x FLASH_SECWMyRx
• • FLASH write protection x area y FLASH_WRPxyR (refer to Section 7.6.1 )
• • FLASH secure block based bank y register x FLASH_SECyBBRx
• • FLASH privilege block based bank y register x FLASH_PRIVyBBRx
• • PDREQx bits in FLASH_ACR
• • PDx bits in FLASH_NSSR

Note: BK_ECC bit in FLASH_ECCR always refers to bank 1 (resp. bank 2) when it is low (resp. high), whatever SWAP_BANK value.

BK_OP bit in FLASH_OPSR always refers to bank 1 (resp. bank 2) when it is low (resp. high), whatever SWAP_BANK value.

The figures below show how security attributes and protections behave in case of bank swap.

Figure 23. Flash memory security attributes and protections in case of no bank swap (SWAP_BANK = 0)

1. 1. Valid for STM32U59x/5Ax/5Fx/5Gx. Bank 2 base address is 0x0810 0000/0x0C10 0000 for STM32U575/585, and 0x0804 0000/0x0C04 0000 for STM32U535/545.
2. 2. Refer to Table 51 to Table 53 for last page number on each device.

Figure 24. Flash memory security attributes and protections in case of bank swap (SWAP_BANK = 1)

1. 1. Valid for STM32U59x/5Ax/5Fx/5Gx. Bank 1 base address is 0x0810 0000/0x0C10 0000 for STM32U575/585, and 0x0804 0000/0x0C04 0000 for STM32U535/545.
2. 2. Refer to Table 51 to Table 53 for last page number on each device.

7.6 FLASH memory protection

The flash memory interface implements the following protection mechanisms:

• • write protection (WRP)
• • readout protection (RDP)

• • additional secure protections when TrustZone is active (refer to Section 7.5 )
  • – up to two secure watermark-based non-volatile areas
  • – up to two secure hide protection areas
  • – secure block-based volatile areas with page granularity
• • privileged block-based volatile areas with page granularity (refer to Section 7.5.6 )

7.6.1 Write protection (WRP)

The user area in flash memory can be protected against unwanted write operations. Two write-protected (WRP) areas can be defined in each bank, with page granularity.

Each area is defined by a start page offset and an end page offset related to the physical flash bank base address. These offsets are defined in the WRP address registers: FLASH_WRP1AR, FLASH_WRP1BR, FLASH_WRP2AR, and FLASH_WRP2BR.

The bank “x” WRP “y” area (x = 1,2 and y = A,B) is defined as follows:

• • from the address: bank “x” base address + [WRPxy_PSTRT x 0x2000] (included)
• • to the address: bank “x” base address + [(WRPxy_PEND+1) x 0x2000] (excluded)

For example, to protect by WRP from the address 0x0806 2000 (included) to the address 0x0807 3FFF (included):

• • If the banks are not swapped, FLASH_WRP1AR register must be programmed with:
  • – WRP1A_PSTRT = 0x31
  • – WRP1A_PEND = 0x39

WRP1B_PSTRT and WRP1B_PEND in FLASH_WRP1BR can be used instead (area “B” in bank 1).

• • If the two banks are swapped, the protection must apply to bank 2, and FLASH_WRP2AR register must be programmed with:
  • – WRP2A_PSTRT = 0x31
  • – WRP2A_PEND = 0x39

WRP2B_PSTRT and WRP2B_PEND in FLASH_WRP2BR can be used instead (area “B” in bank 2).

Note: For more details on the bank swapping mechanism, refer to Section 7.5.8 .

When WRP is active, protected flash memory pages cannot be erased or programmed. Consequently, a software mass erase cannot be performed if one area is write-protected.

If an erase/program operation to a write-protected part of the flash memory is attempted, the secure or nonsecure write protection error flag (WRPERR) is set in the FLASH_NSSR or FLASH_SECSR register. This flag is also set for any write access to the following:

• • system flash memory
• • OTP area

Note: When the memory readout protection level 1 is selected (RDP level = 1), it is not possible to program or erase the flash memory (secure or nonsecure) if the CPU debug features are connected (JTAG or single wire) or boot code is being executed from RAM or system flash memory, even if WRP is not activated.

When the memory readout protection level 0.5 is selected (RDP level = 0.5), it is not possible to program or erase the flash secure memory if the CPU debug features are connected (JTAG or single wire), even if WRP is not activated.

Note: To validate the WRP options, the option bytes must be reloaded through the OBL_LAUNCH bit in the flash control register.

Table 63. WRP protection

Write protection lock

Each WRP area can be independently locked by writing 0 to UNLOCK in FLASH_WRP1AR, FLASH_WRP1BR, FLASH_WRP2AR, or FLASH_WRP2BR. Once a WRP area is locked, it is not possible to modify its settings. In order to unlock a WRP area, a regression to RDP level 0 must be launched.

In order to make the WRP area immutable and act as a ROM, the following actions are needed:

• • If RDP level is 0, 0.5 or 1, provision a OEM1KEY in order to prevent a regression to RDP level 0 for users not knowing the key.
• • If RDP level is 2, either provision a OEM1KEY (refer to first bullet) or do not provision a OEM2KEY (preventing regression from level 2 to level 1).

For more information on RDP regressions, refer to Device life cycle managed by readout protection (RDP) transitions .

7.6.2 Readout protection (RDP)

The readout protection protects the flash main memory, the option bytes, the backup registers, the backup RAM and the SRAMs. In order to reach the best protection level, it is recommended to activate TrustZone and to set the RDP Level 2 with password authentication regression enabled (refer to Readout protection levels when TrustZone is enabled ).

Readout protection levels when TrustZone is disabled

There are three levels of readout protection from no protection (level 0) to maximum protection or no debug (level 2).

The flash memory is protected according to the RDP option byte value shown in the table below.

Table 64. Flash memory readout protection status (TZEN = 0)

• • Level 0: no protection

Read, program and erase operations into the flash main memory area are possible. The option bytes, the SRAMs and the backup registers are also accessible by all operations.

• • Level 1: readout protection

When the readout protection level 1 is set:

• – User mode: code executing in user mode ( boot flash ) can access the flash main memory, option bytes, SRAMs and backup registers with all operations (read, erase, program).
• – Debug, boot RAM, and bootloader modes: in debug mode or when the MCU boots from RAM or system memory, the flash main memory, backup registers, the backup RAM, and the SRAM2 are totally inaccessible: any read or write access to the flash main memory generates a bus error and a HardFault interrupt. The on-the-fly decryption region (OTFDEC on OCTOSPI) is read as zero.

• • Level 2: no debug

When the readout protection level 2 is set:

• – The protection level 1 is guaranteed.
• – All debug features are disabled:
  • . if OEM2 key has not been provided, JTAG and SWD are definitively disabled.
  • . if OEM2 key has been provided under a lower RDP protection, JTAG and SWD remain enabled under reset only to interface with DBGMCU_SR, DBGMCU_DBG_AUTH_HOST and DBGMCU_DBG_AUTH_DEVICE registers to obtain device identification and provide OEM2 key to request RDP regression.
• – The boot from SRAM (boot RAM mode) and the boot from system memory (bootloader mode) are no longer available.
• – Only boot from main flash memory is possible; all operations are allowed on the flash main memory. Read, erase and program accesses to the flash memory and SRAMs from user code are allowed.
• – Option bytes cannot be programmed nor erased except the SWAP_BANK option bit. Thus, the level 2 cannot be removed: it is an irreversible operation unless an OEM2 key has been provisioned (refer to OEM2 RDP lock mechanism ).

Note: The debug feature is also disabled under reset.

STMicroelectronics is not able to perform analysis on defective parts on which the level 2 protection has been set. Regress parts to RDP level 1 before returning them for analysis (refer to OEM2 RDP lock mechanism ).

Table 65. Access status versus protection level and execution modes when TZEN = 0

1. 1. When the protection level 2 is active, the debug port, the boot from RAM and the boot from system memory are disabled.
2. 2. The system memory is only read-accessible, whatever the protection level (0, 1 or 2) and execution mode.
3. 3. Option bytes are only accessible through the FLASH registers interface and OPTSTRT bit.
4. 4. The flash main memory is erased when the RDP option byte changes from level 1 to level 0.
5. 5. SWAP_BANK option bit can be modified.
6. 6. OTP can only be written once.
7. 7. The backup registers are erased when RDP changes from level 1 to level 0.
8. 8. All SRAMs are erased when RDP changes from level 1 to level 0.
9. 9. The OTFDEC keys are erased when the RDP option byte changes from level 1 to level 0.

Readout protection levels when TrustZone is enabled

There are four levels of readout protection from no protection (level 0) to maximum protection or no debug (level 2). The flash memory is protected according to the RDP option byte value shown in the table below.

Table 66. Flash memory readout protection status (TZEN = 1)

Table 66. Flash memory readout protection status (TZEN = 1) (continued)

• • Level 0: no protection

Read, program and erase operations into the flash main memory area are possible. The option bytes, the SRAMs and the backup registers are also accessible by all operations.

• – RSS mode: when booting from RSS, the debug access is disabled while executing RSS code.

• • Level 0.5: nonsecure debug only

All read and write operations (if no write protection is set) from/to the nonsecure flash memory are possible. The debug access to secure area is prohibited. Debug access to nonsecure area remains possible.

• – User mode: code executing in user mode ( boot flash ) can access the flash main memory, option bytes, SRAMs and backup registers with all operations (read, erase, program).
• – Nonsecure debug mode: nonsecure debug is possible when the CPU is in nonsecure state. The secure flash memory, the secure backup registers and SRAMs area are inaccessible; the nonsecure flash memory, the nonsecure backup registers and the nonsecure SRAMs area remain accessible for debug purpose.
• – RSS mode: when booting from RSS, the debug access is disabled while executing RSS code.
• – Boot RAM mode: boot from SRAM is not possible.

• • Level 1: readout protection

When the readout protection level 1 is set:

• – User mode: code executing in user mode ( boot flash ) can access the flash main memory, option bytes, SRAMs and backup registers with all operations (read, erase, program).
• – Nonsecure debug mode: nonsecure debug is possible when the CPU is in nonsecure state. However, an intrusion is detected in case of debug access: the flash main memory, the backup registers, the backup RAM and the SRAM2 are totally inaccessible; any read or write access to the flash main memory generates a bus error and a hard fault interrupt. The on-the-fly decryption region (OTFDEC on OCTOSPI) is read as zero.
• – RSS mode: when booting from RSS, the debug access is disabled while executing RSS code.
• – Boot RAM mode: boot from SRAM is not possible.

• • Level 2: no debug

When the readout protection level 2 is set:

• – The protection level 1 is guaranteed.
• – All debug features are disabled
  • . if OEM2 key has not been provided, JTAG and SWD are definitively disabled.
  • . if OEM2 key has been provided under a lower RDP protection, JTAG and SWD remain enabled under reset only to interface with DBGMCU_SR, DBGMCU_DBG_AUTH_HOST and DBGMCU_DBG_AUTH_DEVICE registers to obtain device identification and provide OEM2 key to request RDP regression.
• – The boot from SRAM (boot RAM mode) and the boot from system memory (boot loader mode) are no longer available.
• – Boot from RSS is possible.
• – When booting from main flash or RSS, all operations are allowed on the flash main memory. Read, erase and program accesses to flash memory and SRAMs from user code are allowed.
• – Option bytes cannot be programmed nor erased except the SWAP_BANK option bit. Thus, the level 2 cannot be removed: it is an irreversible operation unless an OEM2 key has been provisioned (refer to OEM2 RDP lock mechanism ).

Note: The debug feature is also disabled under reset.

STMicroelectronics is not able to perform analysis on defective parts on which the level 2 protection has been set. Regress parts to RDP level 1 before returning them for analysis (refer to OEM2 RDP lock mechanism).

Table 67. Access status versus protection level and execution modes when TZEN = 1

Table 67. Access status versus protection level and execution modes when TZEN = 1 (continued)

1. 1. When the protection level 2 is active, the debug port and the bootloader mode are disabled.
2. 2. Depends on TrustZone security access rights.
3. 3. The system memory is only read-accessible, whatever the protection level (0, 1 or 2) and execution mode.
4. 4. Option bytes are only accessible through the flash registers interface and OPTSTRT bit.
5. 5. The bootloader can only modify nonsecure option bytes.
6. 6. The flash main memory is erased when the RDP option byte regresses from level 1 to level 0.
7. 7. SWAP_BANK option bit can be modified.
8. 8. OTP can only be written once.
9. 9. The backup registers are erased when RDP changes from level 1 to level 0 and when RDP changes from level 1 to level 0.5.
10. 10. All SRAMs are erased when RDP changes from level 1 to level 0 and when RDP changes from level 1 to level 0.5.
11. 11. The OTFDEC keys are erased when the RDP option byte changes from level 1 to level 0 and when RDP changes from level 1 to level 0.5.

Device life cycle managed by readout protection (RDP) transitions

It is easy to move from level 0 or level 0.5 to level 1 by changing the value of the RDP byte to any value (except 0xCC). By programming the 0xCC value in the RDP byte, it is possible to go to level 2 either directly from level 0 or from level 0.5 or from level 1. Once in level 2, it is no longer possible to modify the readout protection level unless an OEM2 key is provisioned (refer to OEM2 RDP lock mechanism ).

When the RDP is reprogrammed to the value 0xAA to move from level 1 to level 0, a mass erase of the flash main memory and all SRAMs is performed. The backup registers, the OTFDEC keys, ICACHE, DCACHE, and PKA SRAM are also erased. The OTP area is not erased.

At RDP level 0.5, it is not possible to request RDP level 0. Instead, a RDP increase to level 1 followed by a RDP regression to level 0 is required.

When the RDP is programmed to the value 0x55 to move from level 1 to level 0.5, a partial mass erase of the flash main memory is performed. Only nonsecure watermark-based

areas are erased (even if it is defined as secure by block-based). The backup registers, the OTFDEC keys, ICACHE, DCACHE, PKA SRAM, and all SRAMs are mass erased. The OTP area is not erased. The RDP level 0.5 and partial nonsecure erase are only available when TrustZone is active.

Note: Full mass erase is performed only when level 1 is active and level 0 requested. When the protection level is increased (0 to 0.5, 0 to 1, 0.5 to 1, 1 to 2, 0 to 2 or 0.5 to 2), there is no mass erase.
To validate the readout protection level change, the option bytes must be reloaded through the OBL_LAUNCH bit in FLASH nonsecure control register (FLASH_NSCR) .
Before launching a RDP regression, the software must invalidate the ICACHE and wait for the BUSYF bit to get cleared.

Figure 25. RDP level transition scheme when TrustZone is disabled (TZEN = 0)

Figure 26. RDP level transition scheme when TrustZone is enabled (TZEN = 1)

OEM1/OEM2 lock activation

Two 64-bit keys (OEM1KEY and OEM2KEY) can be defined in order to lock the RDP regression. Each 64-bit key is coded on two registers: FLASH_OEM1KEYR1 (resp. FLASH_OEM2KEYR1), and FLASH_OEM1KEYR2 (resp. FLASH_OEM2KEYR2). OEM1KEY and OEM2KEY cannot be read through these registers. They are read as zero.

OEM1KEY can be modified:

• • in readout protection level 0
• • in readout protection level 0.5 or 1 if OEM1LOCK = 0 in FLASH_NSSR

OEM2KEY can be modified:

• • in readout protection level 0 or 0.5
• • in readout protection level 1 if OEM2LOCK = 0 in FLASH_NSSR

When attempting to modify FLASH_OEM1KEYR1, FLASH_OEM1KEYR2 (or FLASH_OEM2KEYR1, FLASH_OEM2KEYR2) without following these rules, the user option modification is not done, and the OPTWERR bit is set.

In order to activate OEM1 lock mechanism, the following steps are needed:

• • Check that the OEM1LOCK bit is not set or that the readout protection is at level 0.
• • Write a 64-bit key in FLASH_OEM1KEYR1 and FLASH_OEM1KEYR2.
• • Launch option modification by setting the OPTSTRT bit in FLASH_NSCR.
• • Wait for the BSY bit to be cleared and check that OPTWERR is not set.

• • Set the OBL_LAUNCH option bit to start option bytes loading or perform a power-on reset.
• • Check that OEM1LOCK is set.

In order to activate OEM2 lock mechanism, the following steps are needed:

• • Check that the OEM2LOCK bit is not set or that the readout protection is at level 0 or 0.5.
• • Write a 64-bit key in FLASH_OEM2KEYR1 and FLASH_OEM2KEYR2.
• • Launch option modification by setting the OPTSTRT bit in FLASH_NSCR.
• • Wait for the BSY bit to be cleared and check that OPTWERR is not set.
• • Set the OBL_LAUNCH option bit to start option bytes loading or perform a power-on reset.
• • Check that OEM2LOCK is set.

Note: The OEM1KEY and OEM2KEY must not contain only 1 or only 0.

OEM1 RDP lock mechanism

The OEM1 RDP lock mechanism is active when the OEM1LOCK bit is set. It blocks the RDP level 1 to RDP level 0 regression.

In order to regress from RDP level 1 to RDP level 0, the following unlock sequence must be applied:

• • Shift OEM1KEY[31:0] then OEM1KEY[63:32] through JTAG or SWD in the DBGMCU_DBG_AUTH_HOST register.
• • If this key matches the OEM1KEY value, the RDP regression can be launched by setting the OPTSTRT bit.
• • If the key does not match the OEM1KEY value, the RDP regression and any access to the flash memory are blocked until a next power-on reset.

Attempting to regress from RDP level 1 to RDP level 0 without following this sequence sets the OPTWERR option bit and the option bytes remain unchanged.

When the lock mechanism is not activated (OEM1LOCK =0), the regression from RDP level 1 to RDP level 0 is always granted.

OEM2 RDP lock mechanism

The OEM2 RDP lock mechanism is active when the OEM2LOCK bit is set. It allows the following actions:

• • Block RDP level 1 to RDP level 0.5 regression.
• • Authorize RDP level 2 to RDP level 1 regression.

In order to regress from RDP level 1 to RDP level 0.5, the following unlock sequence must be applied:

• • Shift OEM2KEY[31:0] then OEM2KEY[63:32] through JTAG or SWD under reset in the DBGMCU_DBG_AUTH_HOST register.
• • If this key matches the OEM2KEY value, the RDP regression can be launched by setting the OPTSTRT bit.
• • If the key does not match the OEM2KEY value, the RDP regression and any access to the flash memory are blocked until a next power-on reset.

In order to regress from RDP level 2 to RDP level 1, the following unlock sequence must be applied:

• • Shift OEM2KEY[31:0] then OEM2KEY[63:32] through JTAG or SWD under reset in the DBGMCU_DBG_AUTH_HOST register.
• • If this key matches the OEM2KEY value:
  • – the RDP regression is launched by hardware (it is not possible to execute instructions when the key is matching).
  • – apply a power-on reset (cycle V _DD power supply OFF and ON).
• • if the key does not match the OEM2KEY value, the RDP regression and any access to the flash memory are blocked until a next power-on reset.

Attempting to regress from RDP level 2 to RDP level 1 without following these sequences, leaves option bytes unchanged.

Attempting to regress from RDP level 1 to RDP level 0.5 without following these sequences, sets the OPTWERR option bit and the option bytes remain unchanged.

When the lock mechanism is not activated (OEM2LOCK =0), the following happens:

• • The regression from RDP level 1 to RDP level 0.5 is always granted.
• • The regression from RDP level 2 to RDP level 1 is never granted. When attempting to modify the options bytes, the protection error flag OPTWERR is set in the FLASH_NSSR register and an interrupt can be generated.

7.7 Flash memory and FLASH registers access control

The tables below summarize all the flash memory and registers accesses status versus RDP level, WRP and HDP protections.

Table 68. Flash memory access versus RDP level when TrustZone is active (TZEN = 1)

1. 1. RDP level 1 no intrusion = when booting from user flash memory and no debug access.
2. 2. RDP level 1 with intrusion = when debug access detected.
3. 3. Others refers to the other flash memory secure configurations than the one described for HDP protections. Example: Flash memory secure and HDP area enabled but ACCDIS = 0.

Table 69. Flash memory access versus RDP level when TrustZone is disabled (TZEN = 0)

1. 1. RDP Level 1 no intrusion = when booting from user flash memory and no debug access.
2. 2. RDP Level 1 with intrusion = when booting from RAM or system memory or debug access detected.

Table 70. Flash memory mass erase versus RDP level when TrustZone is active (TZEN = 1)

1. 1. RDP Level 1 no intrusion = when booting from user flash memory and no debug access.
2. 2. RDP Level 1 with intrusion = when debug access detected.
3. 3. Others refers to the other flash memory secure configurations than the one described for HDP protections. Example: Flash memory secure and HDP area enabled but ACCDIS = 0.

1. Valid for all RDP levels.

2. Flash memory illegal access event is generated when TZEN = 1.

1. Except SECyBBRx, PRIVyBBRx and PRIVCFGR registers.

2. Secure access is only valid when TrustZone is active (TZEN = 1).

3. Nonsecure access are valid when TrustZone is active or disabled.

4. Flash register illegal access event is only generated when TZEN = 1.

1. When TZEN = 1, access must be granted by security firewall before privilege is considered.

1. When TZEN = 1, access must be granted by security firewall before privilege is considered.

7.8 FLASH interrupts

Table 78. Flash interrupt requests

1. Secure EOP (resp. nonsecure EOP) is set only if secure EOPIE (resp. nonsecure EOPIE) is set.

2. Secure OPERR (resp. nonsecure OPERR) is set only if secure ERRIE (resp. nonsecure ERRIE) is set.

7.9 FLASH registers

7.9.1 FLASH access control register (FLASH_ACR)

Address offset: 0x00

Reset value: 0x0000 0000

Access: no wait state when no flash memory read is ongoing; word, half-word, and byte access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:15 Reserved, must be kept at reset value.

Bit 14 SLEEP_PD : Flash memory power-down mode during Sleep mode

This bit determines whether the flash memory is in power-down mode or Idle mode when the device is in Sleep mode.

0: Flash memory in Idle mode during Sleep mode

1: Flash memory in power-down mode during Sleep mode

Caution: The flash memory must not be put in power-down while a program or an erase operation is ongoing.

Bit 13 PDREQ2 : Bank 2 power-down mode request

This bit is write-protected with FLASH_PDKEY2R. This bit requests bank 2 to enter power-down mode. When bank 2 enters power-down mode, this bit is cleared by hardware and the PDKEY2R is locked.

0: No request for bank 2 to enter power-down mode

1: Bank 2 requested to enter power-down mode

Bit 12 PDREQ1 : Bank 1 power-down mode request

This bit is write-protected with FLASH_PDKEY1R. This bit requests bank 1 to enter power-down mode. When bank 1 enters power-down mode, this bit is cleared by hardware and the PDKEY1R is locked.

0: No request for bank 1 to enter power-down mode

1: Bank 1 requested to enter power-down mode

Bit 11 LPM : Low-power read mode

This bit puts the flash memory in low-power read mode.

0: Flash memory not in low-power read mode

1: Flash memory in low-power read mode

Bits 10:9 Reserved, must be kept at reset value.

Bit 8 PRFTEN : Prefetch enable

This bit enables the prefetch buffer in the embedded flash memory.

0: Prefetch disabled

1: Prefetch enabled

Bits 7:4 Reserved, must be kept at reset value.

Bits 3:0 LATENCY[3:0] : Latency

These bits represent the ratio between the HCLK (AHB clock) period and the flash memory access time.

0000: Zero wait state

0001: One wait state

0010: Two wait states

...

1111: Fifteen wait states

7.9.2 FLASH nonsecure key register (FLASH_NSKEYR)

Address offset: 0x08

Reset value: 0x0000 0000

Access: one wait state; word access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:0 NSKEY[31:0] : Flash memory nonsecure key

The following values must be written consecutively to unlock the FLASH_NSCR register, allowing the flash memory nonsecure programming/erasing operations:

KEY1: 0x4567 0123

KEY2: 0xCDEF 89AB

7.9.3 FLASH secure key register (FLASH_SECKEYR)

Address offset: 0x0C

Reset value: 0x0000 0000

Access: one wait state; word access

This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI.

This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:0 SECKEY[31:0] : Flash memory secure key

The following values must be written consecutively to unlock the FLASH_SECCR register, allowing the flash memory secure programming/erasing operations:

KEY1: 0x4567 0123

KEY2: 0xCDEF 89AB

7.9.4 FLASH option key register (FLASH_OPTKEYR)

Address offset: 0x10

Reset value: 0x0000 0000

Access: one wait state; word access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:0 OPTKEY[31:0] : Option-byte key

The following values must be written consecutively to unlock the FLASH_OPTR register allowing option byte programming/erasing operations:

KEY1: 0x0819 2A3B

KEY2: 0x4C5D 6E7F

7.9.5 FLASH bank 1 power-down key register (FLASH_PDKEY1R)

Address offset: 0x18

Reset value: 0x0000 0000

Access: no wait state; word access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:0 PDKEY1[31:0] : Bank 1 power-down key

The following values must be written consecutively to unlock PDREQ1 bit in FLASH_ACR:

PDKEY1_1: 0x0415 2637

PDKEY1_2: 0xFAFB FCFD

7.9.6 FLASH bank 2 power-down key register (FLASH_PDKEY2R)

Address offset: 0x1C

Reset value: 0x0000 0000

Access: no wait state; word access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:0 PDKEY2[31:0] : Bank 2 power-down key

The following values must be written consecutively to unlock PDREQ2 bit in FLASH_ACR:

PDKEY2_1: 0x4051 6273

PDKEY2_2: 0xAFBF CFDF

7.9.7 FLASH nonsecure status register (FLASH_NSSR)

Address offset: 0x20

Reset value: 0x000X 0000

Access: no wait state; word, half-word and byte access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:22 Reserved, must be kept at reset value.

Bit 21 PD2 : Bank 2 in power-down mode

This bit indicates that the flash memory bank 2 is in power-down state. It is reset when bank 2 is in normal mode or being awaken.

Bit 20 PD1 : Bank 1 in power-down mode

This bit indicates that the flash memory bank 1 is in power-down state. It is reset when bank 1 is in normal mode or being awaken.

This bit indicates that the OEM2 RDP key read during the OBL is not virgin. When set, the OEM2 RDP lock mechanism is active.

This bit indicates that the OEM1 RDP key read during the OBL is not virgin. When set, the OEM1 RDP lock mechanism is active.

This bit indicates that the flash memory write buffer has been written by a secure or nonsecure operation. It is set when the first data is stored in the buffer and cleared when the write is performed in the flash memory.

This indicates that a flash memory secure or nonsecure operation is in progress. This bit is set at the beginning of a flash operation and reset when the operation finishes or when an error occurs.

Bits 15:14 Reserved, must be kept at reset value.

This bit is set by hardware when the options bytes are written with an invalid configuration. It is cleared by writing 1.

Refer to Section 7.3.9 for full conditions of error flag setting.

Bits 12:8 Reserved, must be kept at reset value.

This bit is set by hardware when programming sequence is not correct. It is cleared by writing 1. Refer to Section 7.3.9 for full conditions of error flag setting.

This bit is set by hardware when the size of the access is a byte or half-word during a nonsecure program sequence. Only quad-word programming is allowed by means of successive word accesses. This bit is cleared by writing 1.

This bit is set by hardware when the first word to be programmed is not aligned with a quad-word address, or the second, third or forth word does not belong to the same quad-word address. This bit is cleared by writing 1.

This bit is set by hardware when a nonsecure address to be erased/programmed belongs to a write-protected part (by WRP, HDP or RDP level 1) of the flash memory. This bit is cleared by writing 1. Refer to Section 7.3.9 for full conditions of error flag setting.

This bit is set by hardware when a nonsecure quad-word address to be programmed contains a value different from all 1 before programming, except if the data to write is all 0. This bit is cleared by writing 1.

Bit 2 Reserved, must be kept at reset value.

This bit is set by hardware when a flash memory nonsecure operation (program/erase) completes unsuccessfully. This bit is set only if nonsecure error interrupts are enabled (NSERRIE = 1). This bit is cleared by writing 1.

Bit 0 EOP : Nonsecure end of operation

This bit is set by hardware when one or more flash memory nonsecure operation (program/erase) has been completed successfully. This bit is set only if the nonsecure end of operation interrupts are enabled (EOPIE = 1 in FLASH_NSCR). This bit is cleared by writing 1.

7.9.8 FLASH secure status register (FLASH_SECSR)

Address offset: 0x24

Reset value: 0x0000 0000

Access: no wait state; word, half-word and byte access

This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:18 Reserved, must be kept at reset value.

Bit 17 WDW : Secure wait data to write

This bit indicates that the flash memory write buffer has been written by a secure or nonsecure operation. It is set when the first data is stored in the buffer and cleared when the write is performed in the flash memory.

Bit 16 BSY : Secure busy

This bit indicates that a flash memory secure or nonsecure operation is in progress. This is set on the beginning of a flash operation and reset when the operation finishes or when an error occurs.

Bits 15:8 Reserved, must be kept at reset value.

Bit 7 PGSERR : Secure programming sequence error

This bit is set by hardware when programming sequence is not correct. It is cleared by writing 1. Refer to Section 7.3.9 for full conditions of error flag setting.

Bit 6 SIZER : Secure size error

This bit is set by hardware when the size of the access is a byte or half-word during a secure program sequence. Only quad-word programming is allowed by means of successive word accesses. This bit is cleared by writing 1.

Bit 5 PGAERR : Secure programming alignment error

This bit is set by hardware when the first word to be programmed is not aligned with a quad-word address, or the second, third or forth word does not belong to the same quad-word address. This bit is cleared by writing 1.

Bit 4 WRPERR : Secure write protection error

This bit is set by hardware when a secure address to be erased/programmed belongs to a write-protected part (by WRP, HDP or RDP level 1) of the flash memory. This bit is cleared by writing 1. Refer to Section 7.3.9 for full conditions of error flag setting.

Bit 3 PROGERR : Secure programming error

This bit is set by hardware when a secure quad-word address to be programmed contains a value different from all 1 before programming, except if the data to write is all 0. This bit is cleared by writing 1.

Bit 2 Reserved, must be kept at reset value.

Bit 1 OPERR : Secure operation error

This bit is set by hardware when a flash memory secure operation (program/erase) completes unsuccessfully. This bit is set only if secure error interrupts are enabled (SECERRIE = 1). This bit is cleared by writing 1.

Bit 0 EOP : Secure end of operation

This bit is set by hardware when one or more flash memory secure operation (program/erase) has been completed successfully. This bit is set only if the secure end of operation interrupts are enabled (EOPIE = 1 in FLASH_SECCR). This bit is cleared by writing 1.

7.9.9 FLASH nonsecure control register (FLASH_NSCR)

Address offset: 0x28

Reset value: 0xC000 0000

Access: no wait state when no flash memory operation is ongoing; word, half-word, and byte access

This register can only be written when BSY or OBL_LAUNCH is reset. Otherwise, the write access is stalled until BSY bits are reset.

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bit 31 LOCK : Nonsecure lock

This bit is set only. When set, the FLASH_NSCR register is locked. It is cleared by hardware after detecting the unlock sequence in FLASH_NSKEYR register.

In case of an unsuccessful unlock operation, this bit remains set until the next system reset.

Bit 30 OPTLOCK : Option lock

This bit is set only. When set, all bits concerning user options in FLASH_NSCR register are locked. This bit is cleared by hardware after detecting the unlock sequence. LOCK bit in FLASH_NSCR must be cleared before doing the unlock sequence for OPTLOCK bit. In case of an unsuccessful unlock operation, this bit remains set until the next reset.

Bits 29:28 Reserved, must be kept at reset value.

Bit 27 OBL_LAUNCH : Force the option-byte loading

When set to 1, this bit forces the option byte reloading. This bit is cleared only when the option-byte loading is complete. It cannot be written if OPTLOCK is set.

0: Option-byte loading complete

1: Option-byte loading requested

Bit 26 Reserved, must be kept at reset value.

Bit 25 ERRIE : Nonsecure error interrupt enable

This bit enables the interrupt generation when OPERR = 1 in FLASH_NSSR .

0: Nonsecure OPERR error interrupt disabled

1: Nonsecure OPERR error interrupt enabled

Bit 24 EOPIE : Nonsecure end of operation interrupt enable

This bit enables the interrupt generation when EOP = 1 in FLASH_NSSR.

0: Nonsecure EOP Interrupt disabled

1: Nonsecure EOP Interrupt enabled

Bits 23:18 Reserved, must be kept at reset value.

Bit 17 OPTSTR : Options modification start

This bit triggers an options operation when set. It can not be written if OPTLOCK bit is set.

This bit is set only by software, and is cleared when the BSY bit is cleared in FLASH_NSSR.

Bit 16 STR : Nonsecure start

This bit triggers a nonsecure erase operation when set. If MER1, MER2, and PER bits are reset and the STRT bit is set, PGSERR is set in FLASH_NSSR (this condition is forbidden). This bit is set only by software and is cleared when BSY is cleared in FLASH_NSSR.

Bit 15 MER2 : Nonsecure bank 2 mass erase

This bit triggers the bank 2 nonsecure mass erase (all bank 2 user pages) when set.

Bit 14 BWR : Nonsecure burst write programming mode

When set, this bit selects the burst write programming mode.

Bits 13:12 Reserved, must be kept at reset value.

Bit 11 BKER : Nonsecure bank selection for page erase

0: Bank 1 selected for nonsecure page erase

1: Bank 2 selected for nonsecure page erase

Bits 10:3 PNB[7:0] : Nonsecure page number selection

These bits select the page to erase.

00000000: page 0

00000001: page 1

...

00011111: page 31 (upper page for STM32U535/545)

...

01111111: page 127 (upper page for STM32U575/585)

...

11111111: page 255 (upper page for STM32U59x/5Ax/5Fx/5Gx)

Bit 2 MER1 : Nonsecure bank 1 mass erase

This bit triggers the bank 1 nonsecure mass erase (all bank 1 user pages) when set.

Bit 1 PER : Nonsecure page erase

0: Nonsecure page erase disabled

1: Nonsecure page erase enabled

Bit 0 PG : Nonsecure programming

0: Nonsecure FLASH programming disabled

1: Nonsecure FLASH programming enabled

7.9.10 FLASH secure control register (FLASH_SECCR)

Address offset: 0x2C

Reset value: 0x8000 0000

Access: no wait state when no flash memory operation is ongoing; word, half-word, and byte access

This register can only be written when BSY or OBL_LAUNCH is reset. Otherwise, the write access stalls until the BSY bits are reset.

This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFG register.

Bit 31 LOCK : Secure lock

This bit is set only. When set, this register is locked. It is cleared by hardware after detecting the unlock sequence in FLASH_SECKEYR register.

In case of an unsuccessful unlock operation, this bit remains set until the next system reset.

Bit 30 Reserved, must be kept at reset value.

Bit 29 INV : Flash memory security state invert

This bit inverts the flash memory security state.

Bits 28:26 Reserved, must be kept at reset value.

Bit 25 ERRIE : Secure error interrupt enable

This bit enables the interrupt generation when OPERR = 1 in FLASH_SECSR.

0: Secure OPERR error interrupt disabled

1: Secure OPERR error interrupt enabled

Bit 24 EOPIE : Secure End of operation interrupt enable

This bit enables the interrupt generation when EOP = 1 in FLASH_SECSR.

0: Secure EOP Interrupt disabled

1: Secure EOP Interrupt enabled

Bits 23:17 Reserved, must be kept at reset value.

Bit 16 STRT : Secure start

This bit triggers a secure erase operation when set. If MER1, MER2, and PER bits are reset and the STRT bit is set, PGSERR is set in FLASH_SECSR (this condition is forbidden).

This bit is set only by software and is cleared when BSY is cleared in FLASH_SECSR.

Bit 15 MER2 : Secure bank 2 mass erase

This bit triggers the bank 2 secure mass erase (all bank 2 user pages) when set.

Bit 14 BWR : Secure burst write programming mode

When set, this bit selects the burst write programming mode.

Bits 13:12 Reserved, must be kept at reset value.

Bit 11 BKER : Secure bank selection for page erase

0: Bank 1 selected for secure page erase

1: Bank 2 selected for secure page erase

Bits 10:3 PNB[7:0] : Secure page number selection

These bits select the page to erase.

00000000: page 0

00000001: page 1

...

00011111: page 31 (upper page for STM32U535/545)

...

01111111: page 127 (upper page for STM32U575/585)

...

11111111: page 255 (upper page for STM32U59x/5Ax/5Fx/5Gx)

Bit 2 MER1 : Secure bank 1 mass erase

This bit triggers the bank 1 secure mass erase (all bank 1 user pages) when set.

Bit 1 PER : Secure page erase

0: Secure page erase disabled

1: Secure page erase enabled

Bit 0 PG : Secure programming

0: Secure FLASH programming disabled

1: Secure FLASH programming enabled

7.9.11 FLASH ECC register (FLASH_ECCR)

Address offset: 0x30

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bit 31 ECCD: ECC detection

This bit is set by hardware when two ECC errors have been detected (only if ECCC and ECCD were previously cleared). When this bit is set, a NMI is generated. This bit is cleared by writing 1.

Bit 30 ECCC: ECC correction

This bit is set by hardware when one ECC error has been detected and corrected (only if ECCC and ECCD were previously cleared). An interrupt is generated if ECCIE is set. This bit is cleared by writing 1.

Bits 29:25 Reserved, must be kept at reset value.

Bit 24 ECCIE: ECC correction interrupt enable

This bit enables the interrupt generation when the ECCC bit in the FLASH_ECCR register is set.

0: ECCC interrupt disabled

1: ECCC interrupt enabled.

Bit 23 Reserved, must be kept at reset value.

Bit 22 SYSF_ECC: System flash memory ECC fail

This bit indicates that the ECC error correction or double ECC error detection is located in the system flash memory.

Bit 21 BK_ECC: ECC fail bank

This bit indicates which bank is concerned by the ECC error correction or by the double ECC error detection.

0: Bank 1

1: Bank 2

Bits 20:0 ADDR_ECC[20:0]: ECC fail address

This field indicates which address is concerned by the ECC error correction or by the double ECC error detection. The address is given by bank from address 0x0 0000 to address:

0x3 FFF0: upper address for STM32U535/545

0xF FFF0: upper address for STM32U575/585

0x1F FFF0: upper address for STM32U59x/5Ax/5Fx/5Gx

7.9.12 FLASH operation status register (FLASH_OPSR)

Address offset: 0x34

Reset value: 0xX0XX XXXX

(0xX0XX XXXX after system reset, and 0x0000 0000 after power-on reset)

Access: no wait state; word, half-word, and byte access

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:29 CODE_OP[2:0] : Flash memory operation code

This field indicates which flash memory operation has been interrupted by a system reset:

000: No flash operation interrupted by previous reset

001: Single write operation interrupted

010: Burst write operation interrupted

011: Page erase operation interrupted

100: Bank erase operation interrupted

101: Mass erase operation interrupted

110: Option change operation interrupted

111: Reserved

Bits 28:23 Reserved, must be kept at reset value.

Bit 22 SYSF_OP : Operation in system flash memory interrupted

This bit indicates that the reset occurred during an operation in the system flash memory.

Bit 21 BK_OP : Interrupted operation bank

This bit indicates which flash memory bank was accessed when reset occurred

0: Bank 1

1: Bank 2

Bits 20:0 ADDR_OP[20:0] : Interrupted operation address

This field indicates which address in the flash memory was accessed when reset occurred.

The address is given by bank from address 0x0 0000 to address:

0x7 FFF0: upper address for STM32U535/545

0xF FFF0: upper address for STM32U575/585

0x1F FFF0 upper address for STM32U59x/5Ax/5Fx/5Gx

7.9.13 FLASH option register (FLASH_OPTR)

Address offset: 0x40

Reset value: 0xXXXX XXXX (bits 0 to 31 loaded with values from the flash memory at OBL)

ST production value: 0x1FEF F8AA

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access.

This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bit 31 TZEN : Global TrustZone security enable

• 0: Global TrustZone security disabled
• 1: Global TrustZone security enabled

Bit 30 IO_VDDIO2_HSLV : High-speed IO at low \( V_{DDIO2} \) voltage configuration bit

This bit can be set only with \( V_{DDIO2} \) below 2.7 V.

• 0: High-speed IO at low \( V_{DDIO2} \) voltage feature disabled ( \( V_{DDIO2} \) can exceed 2.7 V)
• 1: High-speed IO at low \( V_{DDIO2} \) voltage feature enabled ( \( V_{DDIO2} \) remains below 2.7 V)

Bit 29 IO_VDD_HSLV : High-speed IO at low \( V_{DD} \) voltage configuration bit

This bit can be set only with \( V_{DD} \) below 2.7 V

• 0: High-speed IO at low \( V_{DD} \) voltage feature disabled ( \( V_{DD} \) can exceed 2.7 V)
• 1: High-speed IO at low \( V_{DD} \) voltage feature enabled ( \( V_{DD} \) remains below 2.7 V)

Bit 28 PA15_PUPEN : PA15 pull-up enable

• 0: USB power delivery dead-battery enabled/TDI pull-up deactivated
• 1: USB power delivery dead-battery disabled/TDI pull-up activated

Bit 27 NBOOT0 : NBOOT0 option bit

• 0: NBOOT0 = 0
• 1: NBOOT0 = 1

Bit 26 NSWBOOT0 : Software BOOT0

• 0: BOOT0 taken from the option bit NBOOT0
• 1: BOOT0 taken from PH3/BOOT0 pin

Bit 25 SRAM2_RST : SRAM2 erase when system reset

• 0: SRAM2 erased when a system reset occurs
• 1: SRAM2 not erased when a system reset occurs

Bit 24 SRAM2_ECC : SRAM2 ECC detection and correction enable

• 0: SRAM2 ECC check enabled
• 1: SRAM2 ECC check disabled

Bit 23 SRAM3_ECC : SRAM3 ECC detection and correction enable

• 0: SRAM3 ECC check enabled
• 1: SRAM3 ECC check disabled

Note: This bit is only available on some devices in the STM32U5 Series. Refer to the device datasheet for availability of its associated peripheral. If not present, consider this bit as reserved and keep it at reset value.

Bit 22 BKPRAM_ECC : Backup RAM ECC detection and correction enable

• 0: Backup RAM ECC check enabled
• 1: Backup RAM ECC check disabled

Bit 21 DUALBANK : Dual-bank configuration

• – 2-Mbyte flash memory devices for STM32U59x/5Ax/5Fx/5Gx
• – 1-Mbyte flash memory devices for STM32U575/585
• – 256-Kbyte and 128-Kbyte flash memory devices for STM32U535/545
• 0: Single-bank flash memory with contiguous address in bank 1
• 1: Dual-bank flash memory with contiguous addresses

Bit 20 SWAP_BANK : Swap banks

• 0: Bank 1 and bank 2 addresses not swapped
• 1: Bank 1 and bank 2 addresses swapped

Bit 19 WWDG_SW : Window watchdog selection

• 0: Hardware window watchdog selected
• 1: Software window watchdog selected

Bit 18 IWDG_STDBY : Independent watchdog counter freeze in Standby mode

• 0: Independent watchdog counter frozen in Standby mode
• 1: Independent watchdog counter running in Standby mode

Bit 17 IWDG_STOP : Independent watchdog counter freeze in Stop mode

• 0: Independent watchdog counter frozen in Stop mode
• 1: Independent watchdog counter running in Stop mode

Bit 16 IWDG_SW : Independent watchdog selection

• 0: Hardware independent watchdog selected
• 1: Software independent watchdog selected

Bit 15 SRAM_RST : All SRAMs (except SRAM2 and BKPSRAM) erase upon system reset

• 0: All SRAMs (except SRAM2 and BKPSRAM) erased when a system reset occurs
• 1: All SRAMs (except SRAM2 and BKPSRAM) not erased when a system reset occurs

Bit 14 NRST_SHDW : Reset generation in Shutdown mode

• 0: Reset generated when entering the Shutdown mode
• 1: No reset generated when entering the Shutdown mode

Bit 13 NRST_STDBY : Reset generation in Standby mode

• 0: Reset generated when entering the Standby mode
• 1: No reset generate when entering the Standby mode

Bit 12 NRST_STOP : Reset generation in Stop mode

• 0: Reset generated when entering the Stop mode
• 1: No reset generated when entering the Stop mode

Bit 11 Reserved, must be kept at reset value.

Bits 10:8 BOR_LEV[2:0] : BOR reset level
These bits contain the \( V_{DD} \) supply level threshold that activates/releases the reset.
000: BOR level 0 (reset level threshold around 1.7 V)
001: BOR level 1 (reset level threshold around 2.0 V)
010: BOR level 2 (reset level threshold around 2.2 V)
011: BOR level 3 (reset level threshold around 2.5 V)
100: BOR level 4 (reset level threshold around 2.8 V)

Bits 7:0 RDP[7:0] : Readout protection level
0xAA: Level 0 (readout protection not active)
0x55: Level 0.5 (readout protection not active, only nonsecure debug access is possible). Only available when TrustZone is active (TZEN = 1)
0xCC: Level 2 (chip readout protection active)
Others: Level 1 (memories readout protection active)
Note: Refer to Section 7.6.2 for more details.

7.9.14 FLASH nonsecure boot address 0 register (FLASH_NSBOOTADD0R)

Address offset: 0x44
Reset value: 0xXXXX XXXX
(Option bytes loaded with values from the flash memory at reset release)
ST production value: 0x0800 007F
Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access.

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:7 NSBOOTADD0[24:0] : Nonsecure boot base address 0
The nonsecure boot memory address can be programmed to any address in the valid address range with a granularity of 128 bytes. These bits correspond to address [31:7]. NSBOOTADD0 option bytes are selected following the BOOT0 pin or NSWBOOT0 state.
Examples:
NSBOOTADD0[24:0] = 0x0100000: Boot from nonsecure flash memory (0x0800 0000)
NSBOOTADD0[24:0] = 0x017F200: Boot from system memory bootloader (0x0BF9 0000)
NSBOOTADD0[24:0] = 0x0400000: Boot from nonsecure SRAM1 on S-Bus (0x2000 0000)

Bits 6:0 Reserved, must be kept at reset value.

7.9.15 FLASH nonsecure boot address 1 register (FLASH_NSBOOTADD1R)

Address offset: 0x48

Reset value: 0xXXXX XXXX

(option bytes loaded with values from the flash memory at reset release)

ST production value: 0x0BF9 007F

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access.

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:7 NSBOOTADD1[24:0] : Nonsecure boot address 1

The nonsecure boot memory address can be programmed to any address in the valid address range with a granularity of 128 bytes. These bits correspond to address [31:7]. NSBOOTADD1 option bytes are selected following the BOOT0 pin or NSWBOOT0 state.

Examples:

NSBOOTADD1[24:0] = 0x0100000: Boot from nonsecure flash memory (0x0800 0000)

NSBOOTADD1[24:0] = 0x017F200: Boot from system memory bootloader (0x0BF9 0000)

NSBOOTADD1[24:0] = 0x0400000: Boot from nonsecure SRAM1 on S-Bus (0x2000 0000)

Bits 6:0 Reserved, must be kept at reset value.

7.9.16 FLASH secure boot address 0 register (FLASH_SECBOOTADD0R)

Address offset: 0x4C

Reset value: 0xXXXX XXXX

ST production value: 0x0C00 007C

(option bytes loaded with values from the flash memory at reset release)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access.

This register can not be written if OPTLOCK bit is set. This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR.

Bits 31:7 SECBOOTADD0[24:0] : Secure boot base address 0

The secure boot memory address can be programmed to any address in the valid address range with a granularity of 128 bytes. This bits correspond to address [31:7].

SECBOOTADD0 option bytes are selected following the BOOT0 pin or NSWBOOT0 state.

Examples:

SECBOOTADD0[24:0] = 0x018 0000: Boot from secure flash memory (0x0C00 0000)

SECBOOTADD0[24:0] = 0x01F F000: Boot from RSS (0x0FF8 0000)

SECBOOTADD0[24:0] = 0x060 0000: Boot from secure SRAM1 on S-Bus (0x3000 0000)

Bits 6:1 Reserved, must be kept at reset value.

Bit 0 BOOT_LOCK : Boot lock

When set, the boot is always forced to base address value programmed in SECBOOTADD0[24:0] option bytes whatever the boot selection option. This bit can only be cleared when RDP is at Level 0.

7.9.17 FLASH secure watermark1 register 1 (FLASH_SECWM1R1)

Address offset: 0x50

Reset value: 0xXXXX XXXX

(bits loaded with values from the flash memory at OBL. Reserved bits are read as 1.)

ST production value: 0xFFFF FF80 (for STM32U535/545/575/585)

0xFFFF FF00 (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access.

This register can not be written if OPTLOCK bit is set. This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR.

Bits 31:24 Reserved, must be kept at reset value.

Bits 23:16 SECWM1_PEND[7:0] : End page of first secure area

This field contains the last page of the secure area in bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 SECWM1_PSTRT[7:0] : Start page of first secure area

This field contains the first page of the secure area in bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.18 FLASH secure watermark1 register 2 (FLASH_SECW1R2)

Address offset: 0x54

Reset value: 0xXXXX XXXX

(bits loaded with values from the flash memory at OBL)

ST production value: 0x7FE0 7FE0 (for STM32U535/545)

0x7F80 7F80 (for STM32U575/585)

0x7F00 7F00 (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR.

Bit 31 HDP1EN : Hide protection first area enable

0: No HDP area 1

1: HDP first area enabled

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 HDP1_PEND[7:0] : End page of first hide protection area

This field contains the last page of the HDP area in bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:0 Reserved, must be kept at reset value.

7.9.19 FLASH WRP1 area A address register (FLASH_WRP1AR)

Address offset: 0x58

Reset value: 0xXXXX XXXX

(bits loaded with values from the flash memory at OBL. Reserved bits are read as 1)

ST production value: 0xFFE0 FFFF (for STM32U535/545)

0xFF80 FFFF (for STM32U575/585)

0xFF00 FFFF (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bit 31 UNLOCK : Bank 1 WPR first area A unlock
0: WRP1A start and end pages locked
1: WRP1A start and end pages unlocked

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 WRP1A_PEND[7:0] : Bank 1 WPR first area A end page
This field contains the last page of the first WPR area in bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 WRP1A_PSTRT[7:0] : bank 1 WPR first area A start page
This field contains the first page of the first WPR area for bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.20 FLASH WRP1 area B address register (FLASH_WRP1BR)

Address offset: 0x5C

Reset value: 0xXXXX XXXX (bits loaded with values from the flash memory at OBL)

ST production value: 0xFFE0 FFFF (for STM32U535/545)

0xFF80 FFFF (for STM32U575/585)

0xFF00 FFFF (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bit 31 UNLOCK : Bank 1 WPR second area B unlock

0: WRP1B start and end pages locked

1: WRP1B start and end pages unlocked

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 WRP1B_PEND[7:0] : Bank 1 WRP second area B end page

This field contains the last page of the second WRP area in bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 WRP1B_PSTRT[7:0] : Bank 1 WRP second area B start page

This field contains the first page of the second WRP area for bank 1. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.21 FLASH secure watermark2 register 1 (FLASH_SECWM2R1)

Address offset: 0x60

Reset value: 0xXXXX XXXX (bits loaded with values from the flash memory at OBL)

ST production value: 0xFFFF FF80 (for STM32U535/545/575/585)

0xFFFF FF00 (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR.

Bits 31:24 Reserved, must be kept at reset value.

Bits 23:16 SECWM2_PEND[7:0] : End page of second secure area

This field contains the last page of the secure area in bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 SECWM2_PSTRT[7:0] : Start page of second secure area

This field contains the first page of the secure area in bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.22 FLASH secure watermark2 register 2 (FLASH_SECWM2R2)

Address offset: 0x64

Reset value: 0xXXXX XXXX (bits loaded with values from the flash memory at OBL)

ST production value: 0x7FE0 7FE0 (for STM32U535/545)

0x7F80 7F80 (for STM32U575/585)

0x7F00 7F00 (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR.

Bit 31 HDP2EN : Hide protection second area enable

0: No HDP area 2

1: HDP second area is enabled.

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 HDP2_PEND[7:0] : End page of hide protection second area

HDP2_PEND contains the last page of the HDP area in bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:0 Reserved, must be kept at reset value.

7.9.23 FLASH WPR2 area A address register (FLASH_WRP2AR)

Address offset: 0x68

Reset value: 0xXXXX XXXX (bits loaded with values from the flash memory at OBL)

ST production value: 0xFFE0 FFFF (for STM32U535/545)

0xFF80 FFFF (for STM32U575/585)

0xFF00 FFFF (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bit 31 UNLOCK : Bank 2 WPR first area A unlock

0: WRP2A start and end pages locked

1: WRP2A start and end pages unlocked

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 WRP2A_PEND[7:0] : Bank 2 WPR first area A end page

This field contains the last page of the first WRP area in bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 WRP2A_PSTRT[7:0] : Bank 2 WPR first area A start page

This field contains the first page of the first WRP area for bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.24 FLASH WPR2 area B address register (FLASH_WRP2BR)

Address offset: 0x6C

Reset value: 0xXXXX XXXX (bits are loaded with values from the flash memory at OBL)

ST production value: 0xFFE0 FFFF (for STM32U535/545)

0xFF80 FFFF (for STM32U575/585)

0xFF00 FFFF (for STM32U59x/5Ax/5Fx/5Gx)

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register can not be written if OPTLOCK bit is set. This register is nonsecure. It can be read and written by both secure and nonsecure access. This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bit 31 UNLOCK : Bank 2 WPR second area B unlock

0: WRP2B start and end pages locked

1: WRP2B start and end pages unlocked

Bits 30:24 Reserved, must be kept at reset value.

Bits 23:16 WRP2B_PEND[7:0] : Bank 2 WPR second area B end page

This field contains the last page of the second WRP area in bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

Bits 15:8 Reserved, must be kept at reset value.

Bits 7:0 WRP2B_PSTRT[7:0] : Bank 2 WPR second area B start page

This field contains the first page of the second WRP area for bank 2. This field is limited to 7 bits for STM32U575/585 and 5 bits for STM32U535/545.

7.9.25 FLASH OEM1 key register 1 (FLASH_OEM1KEYR1)

Address offset: 0x70

Reset value: 0x0000 0000

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register is nonsecure. It can be written by both secure and nonsecure access.

This register is read as zero. It can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:0 OEM1KEY[31:0] : least significant bytes of the OEM1 key

7.9.26 FLASH OEM1 key register 2 (FLASH_OEM1KEYR2)

Address offset: 0x74

Reset value: 0x0000 0000

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register is nonsecure. It can be written by both secure and nonsecure access.

This register is read as zero. It can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFG register.

Bits 31:0 OEM1KEY[63:32] : most significant bytes of the OEM1key

7.9.27 FLASH OEM2 key register 1 (FLASH_OEM2KEYR1)

Address offset: 0x78

Reset value: 0x0000 0000

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register is nonsecure. It can be written by both secure and nonsecure access.
This register is read as zero. It can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:0 OEM2KEY[31:0] : least significant bytes of the OEM2 key

7.9.28 FLASH OEM2 key register 2 (FLASH_OEM2KEYR2)

Address offset: 0x7C

Reset value: 0x0000 0000

Access: no wait state when no option bytes modification is ongoing; word, half-word, and byte access

This register is nonsecure. It can be written by both secure and nonsecure access.
This register can be protected against unprivileged access when NSPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:0 OEM2KEY[63:32] : most significant bytes of the OEM2 key

7.9.29 FLASH secure block based bank 1 register x (FLASH_SECB1Rx)

Address offset: \( 0x80 + 0x4 * (x - 1) \) , ( \( x = 1 \) to \( 8 \) )

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is secure. It can be written only by secure access. This register can be protected against unprivileged access (refer to Table 75 ).

Bits 31:0 SEC1BBi : page secure/nonsecure attribution ( \( i = 31 \) to \( 0 \) )

Each bit is used to set one page security attribution in bank 1.

• 0: Page \( (32 * (x - 1) + i) \) in bank 1 not block-based secure
• 1: Page \( (32 * (x - 1) + i) \) in bank 1 block-based secure

7.9.30 FLASH secure block based bank 2 register x (FLASH_SECB2Rx)

Address offset: \( 0xA0 + 0x4 * (x - 1) \) , ( \( x = 1 \) to \( 8 \) )

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is secure. It can be written only by a secure access. This register can be protected against unprivileged access (refer to Table 75 ).

Bits 31:0 SEC2BBi : page secure/nonsecure attribution ( \( i = 31 \) to \( 0 \) )

Each bit is used to set one page security attribution in bank 2.

• 0: Page \( (32 * (x - 1) + i) \) in bank 2 not block-based secure
• 1: Page \( (32 * (x - 1) + i) \) in bank 2 block-based secure

7.9.31 FLASH secure HDP control register (FLASH_SECHDPCR)

Address offset: 0xC0

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is secure. It can be read and written only by secure access. A nonsecure read/write access is RAZ/WI. This register can be protected against unprivileged access when SPRIV = 1 in FLASH_PRIVCFGR register.

Bits 31:2 Reserved, must be kept at reset value.

Bit 1 HDP2_ACCDIS : HDP2 area access disable

When set, this bit is only cleared by a system reset.

0: Access to HDP2 area granted

1: Access to HDP2 area denied (SECWM2Ry option-byte modification blocked, see Rules for modifying specific option bytes )

Bit 0 HDP1_ACCDIS : HDP1 area access disable

When set, this bit is only cleared by a system reset.

0: Access to HDP1 area granted

1: Access to HDP1 area denied (SECWM1Ry option-byte modification blocked, see Rules for modifying specific option bytes )

7.9.32 FLASH privilege configuration register (FLASH_PRIVCFGR)

Address offset: 0xC4.

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register can be read by both privileged and unprivileged access. NSPRIV is a nonsecure bit. SPRIV is a secure bit.

Bits 31:2 Reserved, must be kept at reset value.

Bit 1 NSPRIV : Privileged protection for nonsecure registers

This bit can be read by both privileged or unprivileged, secure and nonsecure access.
0: Nonsecure FLASH registers can be read and written by privileged or unprivileged access.
1: Nonsecure FLASH registers can be read and written by privileged access only.
The NSPRIV bit can be written by a secure or nonsecure privileged access. A secure or nonsecure unprivileged write access on NSPRIV bit is ignored.

Bit 0 SPRIV : Privileged protection for secure registers

This bit can be accessed only when TrustZone is enabled (TZEN = 1). This bit can be read by both privileged or unprivileged, secure and nonsecure access.
0: Secure FLASH registers can be read and written by privileged or unprivileged access.
1: Secure FLASH registers can be read and written by privileged access only.
The SPRIV bit can be written only by a secure privileged access. A nonsecure write access on SPRIV bit is ignored. A secure unprivileged write access on SPRIV bit is ignored.

7.9.33 FLASH privilege block based bank 1 register x (FLASH_PRIVBB1Rx)

Address offset: \( 0xD0 + 0x4 \times (x - 1) \) , ( \( x = 1 \) to 8)

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is privileged. It can be read written only by a privileged access. This register can be protected against nonsecure access (refer to Table 76 ).

Bits 31:0 PRIV1BBi : page privileged/unprivileged attribution ( \( i = 31 \) to 0)

• Each bit is used to set one page privilege attribution in bank 1.
• 0: Page \( (32 \times (x - 1) + i) \) in bank 1 accessible by unprivileged access
• 1: Page \( (32 \times (x - 1) + i) \) in bank 1 only accessible by privileged access

7.9.34 FLASH privilege block based bank 2 register x (FLASH_PRIVBB2Rx)

Address offset: \( 0xF0 + 0x4 * (x - 1) \) , ( \( x = 1 \) to 8)

Reset value: 0x0000 0000

Access: no wait state; word, half-word, and byte access

This register is privilege. It can be read written only by a privileged access. This register can be protected against nonsecure access (refer to Table 76 ).

Bits 31:0 PRIV2BBi : page privileged/unprivileged attribution ( \( i = 31 \) to 0)

Each bit is used to set one page security attribution in bank 2.

0: Page ( \( 32 * (x - 1) + i \) ) in bank 2 accessible by unprivileged access

1: Page ( \( 32 * (x - 1) + i \) ) in bank 2 only accessible by privileged access

7.9.35 FLASH register map

Table 79. FLASH register map and reset values

Table 79. FLASH register map and reset values (continued)

Table 79. FLASH register map and reset values (continued)