4. Boot modes
At startup, the BOOT0 pin and the NBOOT0, NSWBOOT0, NSBOOTADDx/SECBOOTADD0, and TZEN option bytes are used to select the boot memory address. The boot options are:
- boot from any address in user flash memory
- boot from system memory (bootloader)
- boot from any address in embedded SRAM
- boot from root security service (RSS)
The BOOT0 value may come from the PH3-BOOT0 pin or from the option bit NBOOT0, depending on the value of a user option bit to free the GPIO pad, if needed.
The bootloader, located in the system memory, is used to program the flash memory by using USART, USB, I2C, or SPI in device mode.
Table 22 details the boot modes when TrustZone is disabled, and Table 23 when enabled.
Table 22. Boot modes when TrustZone is disabled (TZEN = 0)
| BOOT0 (1) | Boot address option bytes selection (nonsecure) | ST programmed default value | Boot initial VTOR_NS |
|---|---|---|---|
| 0 | NSBOOTADD0 | 0x0800 0000 - User flash | NSBOOTADD0 |
| 1 | NSBOOTADD1 | 0x0BF9 0000 - Bootloader | NSBOOTADD1 |
1. BOOT0 is either NOT(NBOOT0) when NSWBOOT0 = 0, or the PH3-BOOT0 pin when NSWBOOT0 = 1.
When TrustZone is enabled by setting the TZEN option bit, the boot space must be in the secure area. The SECBOOTADD0 option bytes are used to select the boot secure memory address.
A unique boot entry option can be selected by setting the BOOT_LOCK option bit. In this case, all other boot options are ignored.
Table 23. Boot modes when TrustZone is enabled (TZEN = 1)
| BOOT_LOCK | BOOT0 (1) | RSS command | Secure boot address option bytes selection | Secure ST programmed default value | Nonsecure boot address option bytes selection | Nonsecure ST programmed default value | Boot initial VTOR_S |
|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | SECBOOTADD0 | 0x0C00 0000 - User flash | NSBOOTADD0 | 0x0800 0000 (2) | SECBOOTADD0 |
| 0 | 1 | 0 | N/A | 0x0FF8 0000 - RSS | NSBOOTADD1 | 0x0BF9 0000 | 0x0FF8 0000 |
| 0 | 0 | ≠ 0 | N/A | 0x0FF8 0000 - RSS | NSBOOTADD0 | 0x0800 0000 (2) | 0x0FF8 0000 |
| 0 | 1 | ≠ 0 | N/A | 0x0FF8 0000 - RSS | NSBOOTADD1 | 0x0BF9 0000 | 0x0FF8 0000 |
| 1 | 0 | x | SECBOOTADD0 | 0x0C00 0000 - User flash | NSBOOTADD0 | 0x0800 0000 (2) | SECBOOTADD0 |
| 1 | 1 | x | SECBOOTADD0 | 0x0C00 0000 - User flash | NSBOOTADD1 | 0x0BF9 0000 (3) | SECBOOTADD0 |
1. BOOT0 is either NOT(NBOOT0) when NSWBOOT0 = 0, or the PH3-BOOT0 pin when NSWBOOT0 = 1.
2. The default NSBOOTADD0 points to a secure flash memory area. At boot, privileged software must write Cortex-M33 VTOR_NS to point to a nonsecure area.
3. The default NSBOOTADD1 points to the bootloader. At boot, privileged software must write Cortex-M33 VTOR_NS to point to a nonsecure user area.
The boot address option bytes can be programmed with any boot memory address. However, the allowed address space depends on the flash memory read protection (RDP) level.
If the programmed boot memory address is outside the allowed memory-mapped area when TZEN = 0 and the RDP level is 2, or when TZEN = 1 and the RDP level is 0.5 or more, the default boot fetch address is forced either to the secure flash memory or to the nonsecure flash memory, depending on the TrustZone security option, as described in Table 24.
Table 24. Boot space versus RDP protection
| RDP | TZEN = 1 (1): valid address range SECBOOTADD | TZEN = 0: valid address range NSBOOTADDx |
|---|---|---|
| 0 | Any boot address | Any boot address |
| 0.5 | Boot address only in RSS 0x0FF8 0000 or in secure flash memory: 0x0C00 0000 - 0x0C1F FFFF. Otherwise boot address forced to RSS: 0x0FF8 0000. | N/A |
| 1 | Boot address only in RSS 0x0FF8 0000 or in secure flash memory: 0x0C00 0000 - 0x0C1F FFFF. Otherwise boot address forced to RSS: 0x0FF8 0000. | Any boot address |
| 2 | Boot address only in RSS 0x0FF8 0000 or in secure flash memory: 0x0C00 0000 - 0x0C1F FFFF. Otherwise boot address forced to RSS: 0x0FF8 0000. | Boot address only in flash memory: 0x0800 0000 - 0x081F FFFF. Otherwise boot address forced to 0x0800 0000. |

1. The initial NSBOOTADDx can point to a secure area. At boot, privileged software must write Cortex-M33 VTOR_NS to point to a nonsecure user area.
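The selection rules of Tables 22 to 24, written out as an added C example (not ST code) that a firmware reviewer can use to check which address a given option-byte configuration actually boots from. The `boot_cfg_t` structure and the function names are hypothetical, boot addresses are assumed to be already decoded into full 32-bit values, and the forced addresses follow Table 24.

```c
#include <stdbool.h>
#include <stdint.h>

/* Addresses quoted in Tables 22-24 of this section. */
#define RSS_ADDR     0x0FF80000u
#define SEC_FLASH_LO 0x0C000000u
#define SEC_FLASH_HI 0x0C1FFFFFu
#define NS_FLASH_LO  0x08000000u
#define NS_FLASH_HI  0x081FFFFFu

typedef enum { RDP_0, RDP_0_5, RDP_1, RDP_2 } rdp_level_t;

/* Hypothetical container (assumption): option-byte values as read back
 * from the device, with boot addresses expanded to 32-bit addresses. */
typedef struct {
    bool tzen, boot_lock, nswboot0, nboot0, boot0_pin;
    uint32_t rss_cmd;
    rdp_level_t rdp;
    uint32_t secbootadd0, nsbootadd0, nsbootadd1;
} boot_cfg_t;

/* Table note 1: BOOT0 = NOT(NBOOT0) if NSWBOOT0 = 0, else the PH3 pin. */
static bool effective_boot0(const boot_cfg_t *c)
{
    return c->nswboot0 ? c->boot0_pin : !c->nboot0;
}

/* Returns the address the core fetches from after reset. */
uint32_t resolve_boot_address(const boot_cfg_t *c)
{
    bool boot0 = effective_boot0(c);

    if (!c->tzen) {                                   /* Table 22 */
        uint32_t a = boot0 ? c->nsbootadd1 : c->nsbootadd0;
        if (c->rdp == RDP_2 && (a < NS_FLASH_LO || a > NS_FLASH_HI))
            return NS_FLASH_LO;                       /* Table 24, TZEN = 0 */
        return a;
    }
    /* Table 23: with BOOT_LOCK set, BOOT0 and the RSS command are ignored. */
    if (!c->boot_lock && (c->rss_cmd != 0 || boot0))
        return RSS_ADDR;
    uint32_t a = c->secbootadd0;
    bool ok = (a == RSS_ADDR) || (a >= SEC_FLASH_LO && a <= SEC_FLASH_HI);
    if (c->rdp != RDP_0 && !ok)
        return RSS_ADDR;                              /* Table 24, TZEN = 1 */
    return a;
}
```

Comparing the returned address against the intended entry point flags configurations where BOOT0 can still divert a TrustZone-enabled part to RSS, or a non-TrustZone part to the bootloader, because BOOT_LOCK or RDP is not set as expected.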
The BOOT0 value (coming from the pin or from the user option) is latched upon reset release. It is up to the user to set BOOT0 or NBOOT0 values, to select the required boot mode.
The BOOT0 pin or user option NBOOT0 (depending on NSWBOOT0 in FLASH_OPTR) is also resampled when exiting standby modes. Consequently, the BOOT0 pin or user option must be kept in the required Boot mode configuration in standby modes. After the startup delay, the selection of the boot area is done before releasing the processor reset.
PH3-BOOT0 GPIO is configured as follows:
- in input mode during the complete reset phase if the option bit NSWBOOT0 is set in FLASH_OPTR, and then switches automatically to analog mode after reset is released (BOOT0 pin).
- in input mode from the reset phase to the completion of the option byte loading if the bit NSWBOOT0 is cleared in FLASH_OPTR (BOOT0 value coming from the user option), and then switches automatically to analog mode even if the reset phase is not complete.
Embedded bootloader
The embedded bootloader is located in the system memory, programmed by ST during production. Refer to AN2606 “STM32 microcontroller system memory boot mode”.
Embedded root security services (RSS)
The embedded RSS are located in the secure information block, programmed by ST during production. Refer to AN4992 “Introduction to secure firmware install (SFI) for STM32 MCUs”.