philips_apps wrote:
> Mauricio,
>
> with IAP calls you can not erase the bootloader, it protects itself
> as it knows where it is located.
>
Ok. It sounds good.
> I can assure you we have an options to program the
virgin device on
> a tester.
>
Let's say that your answer is a little bit obscure. So my code is
protected as far as no one knows what happens in that "tester" ? It
doesn't look like something very safe.
Client : - Is my code secure in this device ?
Me : - Yes, of course. Noboby can read your code. Well, Philips can,
but they told me that they will never tell how to do that.... By the
way, may you give me your bank account and password please ?
> Regards, Robert
Mauricio
Re: LPC FLASH security (CRP) broken?
Started by ●December 21, 2005
Reply by ●December 22, 20052005-12-22
Reply by ●December 22, 20052005-12-22
> with IAP calls you can not erase the bootloader, it protects itself
> as it knows where it is located.
How is a bootloader 'update' handled if IAP calls cannot erase the
bootloader?
> I can assure you we have an options to program the virgin device on
> a tester.
Can any of these 'options' read a device?
Is CRP solely implemented in the software based bootloader?
Joel
> as it knows where it is located.
How is a bootloader 'update' handled if IAP calls cannot erase the
bootloader?
> I can assure you we have an options to program the virgin device on
> a tester.
Can any of these 'options' read a device?
Is CRP solely implemented in the software based bootloader?
Joel
Reply by ●December 22, 20052005-12-22
> Message: 10
> Date: Thu, 22 Dec 2005 20:58:17 +0100
> From: "Marko Pavlin (home)" <mp@mp@....>
> Subject: I Gotta Know
>
> I am not Elvis, but "I Gotta Know".
>
> Is here anyone dealing with wireless 802.15.4 on LPC21xx or
> even using
> Chipcon CC2420 with LPC21xx, or "I'll be one and only till
> the end of time"?
>
> Thank you!
> Marko
Marko,
I've been using the CC2420 for quite awhile on the AVR's, actually, the
availability of GCC on the LPC and the existence of some template libs for
the CC2420 was the primary reason I started investigating the LPC's.
Steve
> Date: Thu, 22 Dec 2005 20:58:17 +0100
> From: "Marko Pavlin (home)" <mp@mp@....>
> Subject: I Gotta Know
>
> I am not Elvis, but "I Gotta Know".
>
> Is here anyone dealing with wireless 802.15.4 on LPC21xx or
> even using
> Chipcon CC2420 with LPC21xx, or "I'll be one and only till
> the end of time"?
>
> Thank you!
> Marko
Marko,
I've been using the CC2420 for quite awhile on the AVR's, actually, the
availability of GCC on the LPC and the existence of some template libs for
the CC2420 was the primary reason I started investigating the LPC's.
Steve
Reply by ●December 22, 20052005-12-22
--- In lpc2000@lpc2..., Mauricio Scaff <scaffm@g...> wrote:
>
>
> > I can assure you we have an options to program the virgin device on
> > a tester.
> >
> Let's say that your answer is a little bit obscure. So my code is
> protected as far as no one knows what happens in that "tester" ? It
> doesn't look like something very safe.
>
How can you catagorize it as not "very safe" without even knowing what
a "tester" is?? A tester, like the HP3000, is often used to test
devices while they are still on the wafer prior to packaging. Devices
at that stage are far more accesible than they are after they are
packaged, and all you can get at are the pins or balls. It could also
program the device via access methods that become completely
unavailable after packaging. For instance, if the device is a "stacked
die" part, then it could be programed before the dice are even bonded
out. This is not to say that is what is actually happening, but just
to point out that making a judgement from a position of no knowledge
is not likely to be very profitable to anyone.
BTW, if you are assuming that what is happening is just hidden access
mechanisms on completed parts, then I would agree that you are
justified in worrying about security. "Security by obscurity" always
fails eventually.
-- Dave
>
>
> > I can assure you we have an options to program the virgin device on
> > a tester.
> >
> Let's say that your answer is a little bit obscure. So my code is
> protected as far as no one knows what happens in that "tester" ? It
> doesn't look like something very safe.
>
How can you catagorize it as not "very safe" without even knowing what
a "tester" is?? A tester, like the HP3000, is often used to test
devices while they are still on the wafer prior to packaging. Devices
at that stage are far more accesible than they are after they are
packaged, and all you can get at are the pins or balls. It could also
program the device via access methods that become completely
unavailable after packaging. For instance, if the device is a "stacked
die" part, then it could be programed before the dice are even bonded
out. This is not to say that is what is actually happening, but just
to point out that making a judgement from a position of no knowledge
is not likely to be very profitable to anyone.
BTW, if you are assuming that what is happening is just hidden access
mechanisms on completed parts, then I would agree that you are
justified in worrying about security. "Security by obscurity" always
fails eventually.
-- Dave
Reply by ●December 22, 20052005-12-22
The bootloader is updated by a program that is uploaded to the internal
ram. I guess this program contains the flash programming code itself and
it does not use the iap calls at any time.
Richard. Joel Winarske wrote:
> > with IAP calls you can not erase the bootloader, it protects itself
> > as it knows where it is located.
>
> How is a bootloader 'update' handled if IAP calls cannot erase the
> bootloader?
>
> > I can assure you we have an options to program the virgin device on
> > a tester.
>
> Can any of these 'options' read a device?
>
> Is CRP solely implemented in the software based bootloader? >
> Joel >
>
> SPONSORED LINKS
> Microprocessor
> <http://groups.yahoo.com/gads?t=ms&k=Microprocessor&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=tsVC-J9hJ5qyXg0WPR0l6g>
> Microcontrollers
> <http://groups.yahoo.com/gads?t=ms&k=Microcontrollers&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=DvJVNqC_pqRTm8Xq01nxwg>
> Pic microcontrollers
> <http://groups.yahoo.com/gads?t=ms&k=Pic+microcontrollers&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=TpkoX4KofDJ7c6LyBvUqVQ>
>
> 8051 microprocessor
> <http://groups.yahoo.com/gads?t=ms&k51+microprocessor&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=1Ipf1Fjfbd_HVIlekkDP-A >
>
> >. >
>
ram. I guess this program contains the flash programming code itself and
it does not use the iap calls at any time.
Richard. Joel Winarske wrote:
> > with IAP calls you can not erase the bootloader, it protects itself
> > as it knows where it is located.
>
> How is a bootloader 'update' handled if IAP calls cannot erase the
> bootloader?
>
> > I can assure you we have an options to program the virgin device on
> > a tester.
>
> Can any of these 'options' read a device?
>
> Is CRP solely implemented in the software based bootloader? >
> Joel >
>
> SPONSORED LINKS
> Microprocessor
> <http://groups.yahoo.com/gads?t=ms&k=Microprocessor&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=tsVC-J9hJ5qyXg0WPR0l6g>
> Microcontrollers
> <http://groups.yahoo.com/gads?t=ms&k=Microcontrollers&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=DvJVNqC_pqRTm8Xq01nxwg>
> Pic microcontrollers
> <http://groups.yahoo.com/gads?t=ms&k=Pic+microcontrollers&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=TpkoX4KofDJ7c6LyBvUqVQ>
>
> 8051 microprocessor
> <http://groups.yahoo.com/gads?t=ms&k51+microprocessor&w1=Microprocessor&w2=Microcontrollers&w3=Pic+microcontrollers&w451+microprocessor&c=4&s&.sig=1Ipf1Fjfbd_HVIlekkDP-A >
>
> >. >
>
Reply by ●December 22, 20052005-12-22
Dear Robert,
Could you also confirm you have no options to read a CRP enabled
device on your tester?
The gripe here is that client requirements are quite clear. The
client will not use a part unless the manufactur guarantees there are
no (known) hidden or undisclosed methods tha the manufacture has
chosen not to disclose that the "enemy" can use to read locked down code.
The client did not say this explicitly, but it my guess that this
client thinks that if Philips chose not to disclose LPC flash
programming algorithm, it may well likewise chose not to disclose
methods or open holes in in the implementation that defeat CRP.
I know the client is happy with protection oferred in AVR device, and
is looking to LPC for other requirements, but the trust component is
not there yet in relation to Philips.
For this reason, I would suggest Philips put effort on this front in
relation to CRP feature if it wants LPC parts to be used in the same
league as AVR parts.
Regards,
Jaya
--- In lpc2000@lpc2..., "philips_apps" <philips_apps@y...> wrote:
>
> Mauricio,
>
> with IAP calls you can not erase the bootloader, it protects itself
> as it knows where it is located.
>
> I can assure you we have an options to program the virgin device on
> a tester.
>
> Regards, Robert
Could you also confirm you have no options to read a CRP enabled
device on your tester?
The gripe here is that client requirements are quite clear. The
client will not use a part unless the manufactur guarantees there are
no (known) hidden or undisclosed methods tha the manufacture has
chosen not to disclose that the "enemy" can use to read locked down code.
The client did not say this explicitly, but it my guess that this
client thinks that if Philips chose not to disclose LPC flash
programming algorithm, it may well likewise chose not to disclose
methods or open holes in in the implementation that defeat CRP.
I know the client is happy with protection oferred in AVR device, and
is looking to LPC for other requirements, but the trust component is
not there yet in relation to Philips.
For this reason, I would suggest Philips put effort on this front in
relation to CRP feature if it wants LPC parts to be used in the same
league as AVR parts.
Regards,
Jaya
--- In lpc2000@lpc2..., "philips_apps" <philips_apps@y...> wrote:
>
> Mauricio,
>
> with IAP calls you can not erase the bootloader, it protects itself
> as it knows where it is located.
>
> I can assure you we have an options to program the virgin device on
> a tester.
>
> Regards, Robert
