diff --git a/src/flash/nor/stm32l4x.c b/src/flash/nor/stm32l4x.c
index db8d5e78d..de36d56c7 100644
--- a/src/flash/nor/stm32l4x.c
+++ b/src/flash/nor/stm32l4x.c
@@ -1434,6 +1434,13 @@ static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
 	if (retval != ERROR_OK)
 		goto err_lock;
 
+	/* For TrustZone enabled devices, when TZEN is set and RDP level is 0.5,
+	 * the debug is possible only in non-secure state.
+	 * Thus means the flashloader will run in non-secure mode,
+	 * and the workarea need to be in non-secure RAM */
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0_5))
+		LOG_INFO("RDP level is 0.5, the work-area should reside in non-secure RAM");
+
 	retval = stm32l4_write_block(bank, buffer, offset, count / 8);
 
 err_lock:
diff --git a/tcl/target/stm32l5x.cfg b/tcl/target/stm32l5x.cfg
index 02297e369..0616df1cb 100644
--- a/tcl/target/stm32l5x.cfg
+++ b/tcl/target/stm32l5x.cfg
@@ -173,7 +173,11 @@ $_TARGETNAME configure -event gdb-flash-erase-start {
 	} {
 		ahb_ap_secure_access
 		echo "TZEN option bit enabled"
-		set use_secure_workarea 1
+
+		# check if FLASH_OPTR.RDP is not Level 0.5
+		if {[expr {$FLASH_OPTR & 0xFF}] != 0x55} {
+			set use_secure_workarea 1
+		}
 	}
 
 	set workarea_addr [$_TARGETNAME cget -work-area-phys]