Skip to main content
M
MA4
Senior
May 4, 2026
Solved

Boot pin with RDP level

  • May 4, 2026
  • 6 replies
  • 289 views

Hello,

I am working on the boot process and security of the STM32H757.

For my tests, I have placed the two boot addresses for the two cores (ADD0 and ADD1 for CM7 and CM4) in the internal flash memory, with an ISR vector at each boot address :
ADD0: standard ISR vector calling the standard Reset_Handler, which in turn calls the main function

 
g_pfnVectors:
.word __initial_spTop /* Use internal RAM for stack for calling SystemInit. */
.word Reset_Handler

.word NMI_Handler
.word HardFault_Handler
.word MemManage_Handler
.word BusFault_Handler
.word UsageFault_Handler
...

 

and ADD1: virtually the same ISR vector but calling BootPin_Handler instead of Reset_Handler

g_bootPinVectors:
 .word __initial_spTop
 .word BootPin_Handler

 .word NMI_Handler
 .word HardFault_Handler
 .word MemManage_Handler
 .word BusFault_Handler
 .word UsageFault_Handler
...

 

Everything seems to be working properly, at least up until the security test.

When RDP is set to level 0 or 1, everything is fine and everything seems to work, but when I set the RDP level to 2, it no longer works; the programme still launches at ADD0.

I’ve tried to find a link between the two in the documentation, but either I can’t find it or I don’t understand it.

Can anyone help me? 

To set level 2, I download the program in the device and then switch to level 1 then to level 2. In option byte I only changed boot address and RDP level. Maybe I have missed a step ?

Best answer by Jocelyn RICARD

Hello ,

Looking at RM0399 and other , I cannot find evidence that BOOT0 pin is no more used when RDP2 is enabled.

I think this is a missing information.

In fact, in all STM32 the BOOT0 pin is no more fetched in RDP Level 2.

The RDP2 can be seen as a boot lock feature, meaning you can only boot in address provided in ADD0.

The behaviour you see when enabling RDP Level 2 is expected.

I will ask internally to add this information to the reference manual.

Best regards

Jocelyn

 

6 replies

AScha.3
AScha.3
Super User
May 4, 2026

Hi,

RDP2  closes the chip against any external access - irreversible.

AScha3_0-1777903226729.png

...read in rm.

 

AScha3_1-1777903292245.png

..from RM0433.

"If you feel a post has answered your question, please click ""Accept as Solution""."
M
MA4Author
Senior
May 4, 2026

@AScha.3 

Ok, I don't think I quite understand that sentence. I thought we could still boot from internal flash (that’s why I put two addresses in the internal flash (all BOOT address are between 0x08000000 and 0x08100000). So It's note RAM neither ST system Flash (which is between 0x1FF00000 and 0x1FF1FFFF)

Does that mean the BOOT Pin feature can’t be used at all on RDP at level 2?

AScha.3
AScha.3
Super User
May 4, 2026

So maybe you accept what Ai is telling (sidekick here):

Function of the BOOT Pin in RDP Level 2

The BOOT pin is typically used to select the boot target (main flash, system bootloader, or SRAM) by latching its value on the fourth rising edge of SYSCLK after reset release. However, when RDP level 2 is active, the BOOT pin has no effect on the boot source:

  • The device will always boot from main flash memory, regardless of the BOOT pin configuration.
  • The built-in system bootloader is permanently disabled, and you cannot use the BOOT pin to access it or SRAM.

Irreversibility and Firmware Updates

Setting RDP level 2 is an irreversible action. Once set:

  • The system bootloader is permanently disabled.
  • If you require firmware updates, you must implement your own bootloader within the user flash, as the built-in one cannot be accessed anymore.

Summary

  • Booting by using the BOOT pin to access the bootloader or SRAM is not possible in RDP2.
  • Only boot from main flash memory is allowed, regardless of BOOT pin state.
  • System bootloader and SRAM boot are permanently disabled in RDP2.

+

from rm:

AScha3_0-1777907648564.png

 

"If you feel a post has answered your question, please click ""Accept as Solution""."
O
Onizuka09
ST Employee
May 4, 2026

Hello @MA4 

In RDP level 2, on boot for user flash is allowed so booting from System memory and RAM is disabled.

Onizuka09_0-1777906535548.png
The Boot pin feature enables the selection of 2 boot areas : 

1- you are using RDP level 2, setting BOOT_PIN = 1 is no more possible  ( CM7 boots to TCM-RAM or system bootloader and CM4 boots to SRAM1)  only BOOT_PIN = 0 is possible (boot to user flash  ).

2- When changing the default starting boot address in linker script, you should have also to update the option bytes (BCM7_ADD0 and BCM7_ADD0 ) with the new addresses, or you can setup in the linker script with the default boot address that is already set for both cores.

Onizuka09_0-1777907290364.png

 

3- Even though, you set BOOT_ADD1 in the option bytes ( this points to RAM), in RDP level 2 this is considered invalid and the system will forcefully boot to the default address which is ADD0.     

Please check RM0399 section 2.6 Boot Configuration for more information.


Best Regards 

M
MA4Author
Senior
May 5, 2026

Can you confirm / deny 
In RDP2, can we use BOOT_PIN to both from alternative address that is configured in user flash memory (in range 0x8000000-0x81FFFF) 

(working in RPD0 and RDP1)

Jocelyn RICARD
Jocelyn RICARDAnswer
ST Employee
May 5, 2026

Hello ,

Looking at RM0399 and other , I cannot find evidence that BOOT0 pin is no more used when RDP2 is enabled.

I think this is a missing information.

In fact, in all STM32 the BOOT0 pin is no more fetched in RDP Level 2.

The RDP2 can be seen as a boot lock feature, meaning you can only boot in address provided in ADD0.

The behaviour you see when enabling RDP Level 2 is expected.

I will ask internally to add this information to the reference manual.

Best regards

Jocelyn

 

    M
    MA4Author
    Senior
    May 5, 2026

    @Jocelyn RICARD Thank you for your answer.

    Terms & ConditionsAccessibility statement