Electrical – How does firmware write protection work

firmware, microcontroller, stm32

I recently had to look into firmware readout and write protection for the STM32, and I noticed that the process of disabling write protection after it's been enabled is not device-specific; there's nothing unique (like the 96-bit device ID) involved in the lock/unlock process that prevents someone other than the owner from unlocking the device, except that the unlocking process triggers a Mass Erase of the flash memory. The unlock keys are there in the flash programming manual for anyone to see.

So did I miss something in the docs? Or is this just how it is with some MCUs, where disabling write and read protection basically results in a Mass Erase, ensuring the owner's code is safe (typically the ultimate goal, I assume)? Are there MCUs that actually use passwords from SRAM, unique device IDs or pin logic levels to protect the flash, and is this usually a built-in feature or must it be implemented by the programmer?

Best Answer

Generally speaking, read protection is to protect the IP, write protection is to prevent a glitch from bricking the product.

So you want the read protection to be unbreakable without erasing the program (though the method does not have to be secret if it reliably erases the program), whereas write protection merely has to be set up so that it is extremely unlikely to occur accidentally, even if there are glitches, etc.
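
The behaviour discussed in the question and answer above, as a simplified host-side C model. This is an added example, not code from the post or from ST; the key values are the public FLASH_KEYR keys from ST's STM32F1 flash programming manual, while the struct, the function names and the 8-word flash array are hypothetical and not register-accurate.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY1 0x45670123u   /* public unlock keys (STM32F1 programming manual) */
#define KEY2 0xCDEF89ABu
#define FLASH_WORDS 8      /* constructed toy flash size */

typedef struct {
    uint32_t flash[FLASH_WORDS];
    bool read_protected;      /* readout protection: guards the IP */
    bool write_protected;     /* write protection: guards against stray writes */
    int  key_step;            /* 0 = locked, 1 = KEY1 seen, 2 = unlocked */
    bool locked_until_reset;  /* set by any wrong key write */
} mcu_t;

void mcu_reset(mcu_t *m) { m->key_step = 0; m->locked_until_reset = false; }

/* The key sequence is not a secret; it only has to be improbable by accident.
 * One wrong value (e.g. a glitched write) disables unlocking until reset. */
void write_key(mcu_t *m, uint32_t k) {
    if (m->locked_until_reset || m->key_step == 2) return;
    if (m->key_step == 0 && k == KEY1)      m->key_step = 1;
    else if (m->key_step == 1 && k == KEY2) m->key_step = 2;
    else { m->key_step = 0; m->locked_until_reset = true; }
}

bool program_word(mcu_t *m, unsigned i, uint32_t v) {
    if (m->key_step != 2 || m->write_protected || i >= FLASH_WORDS) return false;
    m->flash[i] = v;
    return true;
}

/* Debug-port read: refused while readout protection is set. */
bool debug_read(const mcu_t *m, unsigned i, uint32_t *out) {
    if (m->read_protected || i >= FLASH_WORDS) return false;
    *out = m->flash[i];
    return true;
}

/* Anyone holding the public keys can lift readout protection, but the mass
 * erase runs first, so only erased flash (0xFF) is ever readable afterwards. */
bool remove_read_protection(mcu_t *m) {
    if (m->key_step != 2) return false;
    memset(m->flash, 0xFF, sizeof m->flash);
    m->read_protected = false;
    return true;
}
```
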