ST STM32C5 Security Product Lifecycle

From SEGGER Knowledge Base
Jump to navigation Jump to search

The STM32C5 series of devices comes with enhanced device life-cycle management features. SEGGER implemented support for these features via a dedicated utility called Device Provisioner. For more information about this, please refer to the Device Provisioner article. STM32C5 Security Product Lifecycle features are implemented in the PCode_DevPro_ST_STM32C5.pex script file.

Important notes

  1. Setting product state to RDP2_wBS or RDP2 without previously setting an OEMKEY permanently locks the device. No regression to RDP0 possible.

Usage

DevPro -operation [operation_name] -SetConfigVal [parameter_name=value] -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Operation Parameters Values Description
SetRDP Level RDP2_wBS Sets RDP level RDP2_wBS (Transition from RDP0 to RDP2_wBS).
RDP2 Sets RDP level RDP2 (Transition from RDP0 to RDP2).
SetOEMKEY Key 16 Byte OEMKEY Sets OEMKEY in option bytes.
SetBSKEY Key 4 Byte OEMKEY Sets BSKEY in option bytes.
Lock Key 4 Byte OEMKEY Locks device (Transition from RDP2_wBS to RDP2) using previously set BSKEY.
Unlock Key 16 Byte OEMKEY Unlocks device (Transition from RDP2_wBS or RDP2 to RDP0) using previously set OEMKEY.

Examples

Setting OEMKEY

Example
DevPro -operation SetOEMKEY -SetConfigVal "Key=00112233445566778899AABBCCDDEEFF" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetOEMKEY -SetConfigVal Key=00112233445566778899AABBCCDDEEFF -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Setting OEMKEY ...
J-Link log: OEMKEYR1 = 0x00112233
J-Link log: OEMKEYR2 = 0x44556677
J-Link log: OEMKEYR3 = 0x8899AABB
J-Link log: OEMKEYR4 = 0xCCDDEEFF
J-Link log: OEMKEY successfully set.

Setting BSKEY

Example
DevPro -operation SetBSKEY -SetConfigVal "Key=00112233" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetBSKEY -SetConfigVal Key=00112233 -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Setting BSKEY ...
J-Link log: BSKEY = 0x00112233
J-Link log: BSKEY successfully set.

Setting RDP level

Example
DevPro -operation SetRDP -SetConfigVal "Level=RDP2_wBS" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetRDP -SetConfigVal Level=RDP2_wBS -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Configuring RDP to RDP2_wBS ...
J-Link log: RDP level successfully set.

Locking device with BSKEY

Example
DevPro -operation Lock -SetConfigVal "Key=00112233" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation Lock -SetConfigVal Key=00112233 -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Locking device with BSKEY ...
J-Link log: BSKEY = 0x00112233

Unlocking device with OEMKEY

Example
DevPro -operation Unlock -SetConfigVal "Key=00112233445566778899AABBCCDDEEFF" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation Unlock -SetConfigVal Key=00112233445566778899AABBCCDDEEFF -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Unlocking device with OEMKEY ...
J-Link log: OEMKEYR1 = 0x00112233
J-Link log: OEMKEYR2 = 0x44556677
J-Link log: OEMKEYR3 = 0x8899AABB
J-Link log: OEMKEYR4 = 0xCCDDEEFF
J-Link log: Successfully unlocked.
Retrieved from "https://kb.segger.com/index.php?title=ST_STM32C5_Security_Product_Lifecycle&oldid=28209"