STM32 gotchas
54.In 'F1, RDP also sets write protection on first sectors

The basic mechanism which prevents unauthorized reading/copying of firmware in FLASH in STM32 is called RDP (ReaD Protection). In newer STM32 families there are also additional protection mechanisms (Proprietary code readout protection (PCROP), sophisticated secure mechanisms in 'H7 and 'L5; but RDP is the staple security mechanism, which is present since the very first 'F1 family.

RDP has 3 levels:

In all settings, program running from FLASH still can both read and write FLASH - unless, that is, FLASH write is disabled, through a different mechanism.

Most newer families have a separate protection mechanism to disable erase/write individual sectors (or groups of sectors, e.g. sector pairs in 'F0/'F3). However, this is not the case of 'F1.

In 'F1, there is no separate write protection mechanism; however, setting RDP to other than Level 0 automatically enables write protection on the first couple of sectors:

Once the protection byte has been programmed: [...] Pages 0-3 (for low- and medium-density devices), or pages 0-1 (for high-density and connectivity line devices) are automatically write-protected. The rest of the memory can be programmed by the code executed from the main Flash memory (for IAP, constant storage, etc.), but it is protected against write/erase (but not against mass erase) in debug mode or when booting from the embedded SRAM.

This for the 'F1 family is documented in PM0075, "Flash Programming Manual". Again, such a "Programming Manual" is unique for the 'F1 family - in all subsequent families the FLASH-related details were simply included in the respective Reference Manual.

This issue was brought up here.