Improve C0/G0 secure hide protection feature documentation.

2023-10-09 13:26:26 -07:00 · 2023-10-09 13:26:26 -07:00 · a6fc952328
parent c4dfa3f986
commit a6fc952328
3 changed files with 28 additions and 9 deletions
--- a/arch.mk
+++ b/arch.mk
@ -92,11 +92,6 @@ ifeq ($(ARCH),ARM)
  ifeq ($(TARGET),stm32g0)
    CORTEX_M0=1
    ARCH_FLASH_OFFSET=0x08000000
-
-    # Enable this feature for secure memory support
-    # Makes the flash sectors for the bootloader unaccessible from the application
-    # Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
-    CFLAGS+=-DFLASH_SECURABLE_MEMORY_SUPPORT
  endif

  ifeq ($(TARGET),stm32f4)
--- a/config/examples/stm32g0.config
+++ b/config/examples/stm32g0.config
@ -15,6 +15,12 @@ V?=0
 SPMATH?=1
 RAM_CODE?=1
 DUALBANK_SWAP?=0
+
+# Enable this feature for secure memory support
+# Makes the flash sectors for the bootloader unaccessible from the application
+# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
+#CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT
+
 WOLFBOOT_PARTITION_SIZE?=0xB000
 WOLFBOOT_SECTOR_SIZE?=0x800
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08008000
--- a/docs/Targets.md
+++ b/docs/Targets.md
@ -382,15 +382,21 @@ The option `CORTEX_M0` is automatically selected for this target.
 The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
 multiple writes after each erase operation.

-This target also supports secure memory protection on the bootloader region
-using the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
+#### STM32G0 Secure Hide Protection Feature (Optional)
+
+This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
+
+It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
 number of 2KB pages to block access to from the 0x8000000 base address.

+Command example to enable this for 32KB bootloader:
+
 ```
 STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10
 ```

-For RAMFUNCTION support (required for SEC_PROT) make sure `RAM_CODE=1`.
+Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
+Requires `RAM_CODE=1` to enable RAMFUNCTION support.

 ### STM32G0 Programming

@ -460,10 +466,22 @@ The option `CORTEX_M0` is automatically selected for this target.
 The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
 multiple writes after each erase operation.

+#### STM32C0 Secure Hide Protection Feature (Optional)
+
+This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
+
+It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
+number of 2KB pages to block access to from the 0x8000000 base address.
+
+Command example to enable this for 10KB bootloader:
+
 ```
-STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10
+STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x05
 ```

+Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
+Requires `RAM_CODE=1` to enable RAMFUNCTION support.
+
 ### STM32C0 Programming

 Compile requirements: `make TARGET=stm32c0 NVM_FLASH_WRITEONCE=1`