78ce5784eb
Introduce flash extended operations that can be used to disable access to option and control registers until reset. Disabling access to these registers improves system security, because flash content (or protection settings) can't be changed even when an exploit was found.

On STM32 devices, registers can be locked until reset by writing a wrong key during the unlock procedure. It triggers a bus fault, so during the procedure we need to ignore faults and clear the bus fault pending bit.

Please note that option register disabling was implemented for devices that have the OPTCR register (F2, F4, F7 and H7). Implementation on other devices requires more testing, since the documentation is not precise enough.

Disabling the control register was implemented for devices that have the CR register.

Signed-off-by: Patryk Duda <pdk@semihalf.com>
74 lines
2.3 KiB
Plaintext
# ST Microelectronics STM32 MCUs Flash driver config

# Copyright (c) 2016 RnDity Sp. z o.o.
# Copyright (c) 2017 BayLibre, SAS
# Copyright (c) 2022 Linaro Limited
# Copyright (c) 2023 Google Inc
# SPDX-License-Identifier: Apache-2.0

config SOC_FLASH_STM32
	bool "STM32 flash driver"
	depends on DT_HAS_ST_STM32_FLASH_CONTROLLER_ENABLED || \
		   DT_HAS_ST_STM32H7_FLASH_CONTROLLER_ENABLED
	select FLASH_HAS_DRIVER_ENABLED
	default y
	select FLASH_PAGE_LAYOUT
	select FLASH_HAS_PAGE_LAYOUT
	select FLASH_HAS_EX_OP if SOC_SERIES_STM32F4X
	select MPU_ALLOW_FLASH_WRITE if ARM_MPU
	help
	  Enable flash driver for STM32 series

if SOC_FLASH_STM32

config FLASH_STM32_WRITE_PROTECT
	bool "Extended operation for flash write protection control"
	depends on SOC_SERIES_STM32F4X
	default n
	help
	  Enables flash extended operation for enabling/disabling flash write
	  protection.

config FLASH_STM32_WRITE_PROTECT_DISABLE_PREVENTION
	bool "Prevent from disabling flash write protection"
	depends on FLASH_STM32_WRITE_PROTECT
	default n
	help
	  If enabled, all requests to disable flash write protection will be
	  blocked.

config FLASH_STM32_READOUT_PROTECTION
	bool "Extended operation for flash readout protection control"
	depends on SOC_SERIES_STM32F4X
	default n
	help
	  Enables flash extended operation for enabling/disabling flash readout
	  protection.

config FLASH_STM32_READOUT_PROTECTION_DISABLE_ALLOW
	bool "Allow disabling readout protection"
	depends on FLASH_STM32_READOUT_PROTECTION
	default n
	help
	  With this option enabled it will be possible to disable readout
	  protection. On STM32 devices it will trigger flash mass erase!

config FLASH_STM32_READOUT_PROTECTION_PERMANENT_ALLOW
	bool "Allow enabling readout protection permanently"
	depends on FLASH_STM32_READOUT_PROTECTION
	default n
	help
	  With this option enabled it will be possible to enable readout
	  protection permanently.

config FLASH_STM32_BLOCK_REGISTERS
	bool "Extended operation for blocking option and control registers"
	default n
	help
	  Enables flash extended operations that can be used to disable access
	  to option and control registers until reset. Disabling access to these
	  registers improves system security, because flash content (or
	  protection settings) can't be changed even when exploit was found.

endif # SOC_FLASH_STM32
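The lock-until-reset behaviour that FLASH_STM32_BLOCK_REGISTERS relies on, shown as a host-side C model added here (it is not code from the Zephyr driver and touches no hardware). The `struct flash` model, its function names and the 0xFFFFFFFF wrong key are assumptions made for the example; only the control-register key sequence is modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FLASH_KEY1 0x45670123u /* FLASH_KEYR keys, STM32F4 reference manual */
#define FLASH_KEY2 0xCDEF89ABu

struct flash { /* host-side model (assumption), not the real peripheral */
	bool cr_locked, key1_seen; /* FLASH_CR.LOCK set, first key accepted */
	bool blocked, busfault;    /* frozen until reset, bus fault pending */
};

static void model_reset(struct flash *f) { *f = (struct flash){ .cr_locked = true }; }

/* Write to FLASH_KEYR: a wrong or out-of-order key freezes the lock. */
static void keyr_write(struct flash *f, uint32_t key)
{
	if (f->blocked) return; /* model assumption: later writes change nothing */
	if (key != (f->key1_seen ? FLASH_KEY2 : FLASH_KEY1)) {
		f->blocked = f->busfault = true;
	} else if (!f->key1_seen) {
		f->key1_seen = true;
	} else {
		f->cr_locked = false;
	}
}

/* The normal unlock sequence; returns true if FLASH_CR became writable. */
static bool try_unlock(struct flash *f)
{
	keyr_write(f, FLASH_KEY1);
	keyr_write(f, FLASH_KEY2);
	return !f->cr_locked;
}

/* Blocking step: relock, write a wrong key on purpose, clear the fault. */
static void block_control_register(struct flash *f)
{
	f->cr_locked = true;
	keyr_write(f, 0xFFFFFFFFu); /* constructed wrong key */
	f->busfault = false;        /* stands in for clearing the pending bit */
}

int main(void)
{
	struct flash f = { .cr_locked = true }; /* state after reset */
	block_control_register(&f);
	printf("unlock after block: %d\n", try_unlock(&f));
	model_reset(&f);
	printf("unlock after reset: %d\n", try_unlock(&f));
	return 0;
}
```

In the model, the correct key pair fails after the blocking step and succeeds again only after `model_reset`, which is the property the help text describes.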