ST STM32C5 Security Product Lifecycle

From SEGGER Knowledge Base

The STM32C5 series of devices comes with enhanced device life-cycle management features. SEGGER implemented support for these features via a dedicated utility called Device Provisioner. For more information about this, please refer to the Device Provisioner article. STM32C5 Security Product Lifecycle features are implemented in the PCode_DevPro_ST_STM32C5.pex script file.

Important notes

  1. Setting the product state to RDP2_wBS or RDP2 without previously setting an OEMKEY permanently locks the device. Regression to RDP0 is then no longer possible.

Usage

DevPro -operation [operation_name] -SetConfigVal [parameter_name=value] -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex

| Operation    | Parameters | Values         | Description                                                                             |
|--------------|------------|----------------|-----------------------------------------------------------------------------------------|
| SetRDP       | Level      | RDP2_wBS       | Sets RDP level RDP2_wBS (Transition from RDP0 to RDP2_wBS).                             |
|              |            | RDP2           | Sets RDP level RDP2 (Transition from RDP0 to RDP2).                                     |
| SetOEMKEY    | Key        | 16 Byte OEMKEY | Sets OEMKEY in option bytes.                                                            |
| VerifyOEMKEY | Key        | 16 Byte OEMKEY | Verifies that the key matches the previously set OEMKEY.                                |
| SetBSKEY     | Key        | 4 Byte OEMKEY  | Sets BSKEY in option bytes.                                                             |
| Lock         | Key        | 4 Byte OEMKEY  | Locks device (Transition from RDP2_wBS to RDP2) using previously set BSKEY.             |
| Unlock       | Key        | 16 Byte OEMKEY | Unlocks device (Transition from RDP2_wBS or RDP2 to RDP0) using previously set OEMKEY.  |

Examples

Setting OEMKEY

Example
DevPro -operation SetOEMKEY -SetConfigVal "Key=00112233445566778899AABBCCDDEEFF" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetOEMKEY -SetConfigVal Key=00112233445566778899AABBCCDDEEFF -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Setting OEMKEY ...
J-Link log: OEMKEYR1 = 0x00112233
J-Link log: OEMKEYR2 = 0x44556677
J-Link log: OEMKEYR3 = 0x8899AABB
J-Link log: OEMKEYR4 = 0xCCDDEEFF
J-Link log: OEMKEY successfully set.

Verifying OEMKEY

Example
DevPro -operation VerifyOEMKEY -SetConfigVal "Key=00112233445566778899AABBCCDDEEFF" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V9.28
Compiled Mar 18 2026 16:54:05
Command line: -operation VerifyOEMKEY -SetConfigVal Key=00112233445566778899AABBCCDDEEFF -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V12 compiled Mar  6 2026 15:39:55
S/N: 602009936

J-Link log: Verifying OEMKEY ...
J-Link log: OEMKEYR1 = 0x00112233
J-Link log: OEMKEYR2 = 0x44556677
J-Link log: OEMKEYR3 = 0x8899AABB
J-Link log: OEMKEYR4 = 0xCCDDEEFF
J-Link log: The entered key matches the OEMKEY value.

Setting BSKEY

Example
DevPro -operation SetBSKEY -SetConfigVal "Key=00112233" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetBSKEY -SetConfigVal Key=00112233 -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Setting BSKEY ...
J-Link log: BSKEY = 0x00112233
J-Link log: BSKEY successfully set.

Setting RDP level

Example
DevPro -operation SetRDP -SetConfigVal "Level=RDP2_wBS" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation SetRDP -SetConfigVal Level=RDP2_wBS -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Configuring RDP to RDP2_wBS ...
J-Link log: RDP level successfully set.
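
The ordering constraint from the important note, as an added example (not SEGGER's code): a POSIX shell wrapper that runs the operations in the order this page shows them and refuses to issue SetRDP unless the VerifyOEMKEY log contains the success line shown above. The function names, the DEVPRO override and the return codes are assumptions of this example, as is treating a non-zero DevPro exit status as a failure.

```shell
#!/bin/sh
# Added example: gate the irreversible SetRDP step behind a verified OEMKEY.
DEVPRO=${DEVPRO:-DevPro}            # binary name as invoked on this page; override to test
SCRIPT=PCode_DevPro_ST_STM32C5.pex  # script file named on this page

# is_hex_key KEY NBYTES -> 0 only if KEY is exactly NBYTES bytes written as hex digits
is_hex_key() {
    [ "${#1}" -eq $(( $2 * 2 )) ] || return 1
    case $1 in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# devpro_op OPERATION NAME=VALUE -> one DevPro call using the page's command line
devpro_op() {
    "$DEVPRO" -operation "$1" -SetConfigVal "$2" -if SWD -speed 4000 -ScriptFile "$SCRIPT"
}

# oemkey_verified LOGTEXT -> 0 only if the log carries the success line shown on this page
oemkey_verified() {
    printf '%s\n' "$1" | grep -Fq 'J-Link log: The entered key matches the OEMKEY value.'
}

# provision OEMKEY BSKEY LEVEL -> SetOEMKEY, VerifyOEMKEY, SetBSKEY, then SetRDP
provision() {
    is_hex_key "$1" 16 || { echo "OEMKEY must be 16 bytes of hex" >&2; return 2; }
    is_hex_key "$2" 4  || { echo "BSKEY must be 4 bytes of hex" >&2; return 2; }
    case $3 in
        RDP2_wBS|RDP2) ;;
        *) echo "Level must be RDP2_wBS or RDP2" >&2; return 2 ;;
    esac
    devpro_op SetOEMKEY "Key=$1" || return 3
    # Exit status semantics are assumed, so the gate relies on the log text.
    log=$(devpro_op VerifyOEMKEY "Key=$1") || return 4
    oemkey_verified "$log" || { echo "OEMKEY not confirmed; refusing SetRDP" >&2; return 4; }
    devpro_op SetBSKEY "Key=$2" || return 5
    devpro_op SetRDP "Level=$3"
}
```

As on this page, the keys are passed as command-line arguments, so they are visible in process listings and shell history on the provisioning host.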

Locking device with BSKEY

Example
DevPro -operation Lock -SetConfigVal "Key=00112233" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation Lock -SetConfigVal Key=00112233 -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Locking device with BSKEY ...
J-Link log: BSKEY = 0x00112233

Unlocking device with OEMKEY

Example
DevPro -operation Unlock -SetConfigVal "Key=00112233445566778899AABBCCDDEEFF" -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
SEGGER Device Provisioner V8.24
Compiled Mar 26 2025 15:33:43
Command line: -operation Unlock -SetConfigVal Key=00112233445566778899AABBCCDDEEFF -if SWD -speed 4000 -ScriptFile PCode_DevPro_ST_STM32C5.pex
Firmware: J-Link V11 compiled Apr  1 2025 10:02:30
S/N: 601005398

Opened script file: 'C:\Program Files\SEGGER\JLink_V824\Script\PCode_DevPro_ST_STM32C5.pex'
J-Link log: Unlocking device with OEMKEY ...
J-Link log: OEMKEYR1 = 0x00112233
J-Link log: OEMKEYR2 = 0x44556677
J-Link log: OEMKEYR3 = 0x8899AABB
J-Link log: OEMKEYR4 = 0xCCDDEEFF
J-Link log: Successfully unlocked.