Improve C0/G0 secure hide protection feature documentation.

dgarske · danielinux · commit a6fc952328c0 · 2023-10-13T14:34:01.000+02:00
diff --git a/arch.mk b/arch.mk
@@ -92,11 +92,6 @@ ifeq ($(ARCH),ARM)
   ifeq ($(TARGET),stm32g0)
     CORTEX_M0=1
     ARCH_FLASH_OFFSET=0x08000000
-
-    # Enable this feature for secure memory support
-    # Makes the flash sectors for the bootloader unaccessible from the application
-    # Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
-    CFLAGS+=-DFLASH_SECURABLE_MEMORY_SUPPORT
   endif
 
   ifeq ($(TARGET),stm32f4)
diff --git a/config/examples/stm32g0.config b/config/examples/stm32g0.config
@@ -15,6 +15,12 @@ V?=0
 SPMATH?=1
 RAM_CODE?=1
 DUALBANK_SWAP?=0
+
+# Enable this feature for secure memory support
+# Makes the flash sectors for the bootloader unaccessible from the application
+# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
+#CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT
+
 WOLFBOOT_PARTITION_SIZE?=0xB000
 WOLFBOOT_SECTOR_SIZE?=0x800
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08008000
diff --git a/docs/Targets.md b/docs/Targets.md
@@ -382,15 +382,21 @@ The option `CORTEX_M0` is automatically selected for this target.
 The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
 multiple writes after each erase operation.
 
-This target also supports secure memory protection on the bootloader region
-using the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
+#### STM32G0 Secure Hide Protection Feature (Optional)
+
+This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
+
+It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
 number of 2KB pages to block access to from the 0x8000000 base address.
 
+Command example to enable this for 32KB bootloader:
+
 ```
 STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10
 ```
 
-For RAMFUNCTION support (required for SEC_PROT) make sure `RAM_CODE=1`.
+Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
+Requires `RAM_CODE=1` to enable RAMFUNCTION support.
 
 ### STM32G0 Programming
 
@@ -460,10 +466,22 @@ The option `CORTEX_M0` is automatically selected for this target.
 The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
 multiple writes after each erase operation.
 
+#### STM32C0 Secure Hide Protection Feature (Optional)
+
+This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
+
+It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
+number of 2KB pages to block access to from the 0x8000000 base address.
+
+Command example to enable this for 10KB bootloader:
+
 ```
-STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10
+STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x05
 ```
 
+Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
+Requires `RAM_CODE=1` to enable RAMFUNCTION support.
+
 ### STM32C0 Programming
 
 Compile requirements: `make TARGET=stm32c0 NVM_FLASH_WRITEONCE=1`
