DfuSe (DFU with ST Microsystems extensions) is a protocol based on DFU 1.1. However, in expanding the functionality of the DFU protocol, ST Microsystems broke all compatibility with the DFU 1.1 standard. DfuSe devices report the DFU version as "1.1a".
DfuSe can be used to download firmware and other data from a host computer to a conforming device (or upload in the opposite direction) over USB similar to standard DFU.
The main difference from standard DFU is that the target address in the device (flash) memory is specified by the host, so that a download can be performed to parts of the device memory. The host program is also responsible for erasing flash pages before they are written to.
A special file format is defined by ST Microsystems to carry firmware for DfuSe devices. The file contains target information such as address and alternate interface information in addition to the binary data. Several blocks of binary data can be combined in one .dfu file. The companion Python script dfuse-pack.py can be used to create, check or unpack such files.
Different memory locations of the device may have different characteristics that the host program (dfu-util) has to take into considerations, such as flash memory page size, read-only versus read-write segments, the need to erase, and so on. These parameters are reported by the device in the string descriptors meant for describing the USB interfaces. The host program decodes these strings to build a memory map of the device. Different memory units or address spaces are listed in separate alternate interface settings that must be selected according to the memory unit to access.
Note that dfu-util leaves it to the user to select alternate interface. When parsing a .dfu file it will skip file segments not matching the selected alternate interface. Also, some DfuSe device firmware implementations ignore the setting of alternate interface and deduct the memory unit from the address, since they have no address space overlap.
DfuSe special commands are used by the host program during normal downloads or uploads, such as SET_ADDRESS and ERASE_PAGE. Also the normal DFU_DNLOAD and DFU_UPLOAD commands have special implementations in DfuSe. Many DfuSe devices also support commands to leave DFU mode, read unprotect the flash memory or mass erase the flash memory. dfu-util (from version 0.7) supports adding "leave", "unprotect", or "mass-erase" to the -s option argument to send such requests in combination with a download request. These modifiers are separated with a colon.
Some DfuSe devices have their DfuSe bootloader running from flash memory. Erasing the whole flash memory would therefore destroy the DfuSe bootloader itself and practically brick the device for most users. Any use of modifiers such as "unprotect" and "mass-erase" therefore needs to be combined with the "force" modifer. This is not included in the examples, to not encourage ignorant users to copy and paste such instructions and shoot themselves in the foot.
Devices based on for instance STM32F103 all run the bootloader from flash, since there is no USB bootloader in ROM.
For instance STM32F107, STM32F2xx and STM32F4xx devices have a DfuSe bootloader in ROM, so the flash can be erased while keeping the device available for USB DFU transfers as long as the device designers use this built-in bootloader and have not implemented another DfuSe bootloader in flash that the user is dependent upon.
Well-written bootloaders running from flash will report their own memory region as read-only and not eraseable, but this does not prevent dfu-util from sending a "unprotect" or "mass-erase" request which overrides this, if the user insists.
Flashing a .dfu (special DfuSe format) file to the device:
$ dfu-util -a 0 -D /path/to/dfuse-image.dfu
Reading out 1 KB of flash starting at address 0x8000000:
$ dfu-util -a 0 -s 0x08000000:1024 -U newfile.bin
Flashing a binary file to address 0x8004000 of device memory and ask the device to leave DFU mode:
$ dfu-util -a 0 -s 0x08004000:leave -D /path/to/image.bin