Brian C. Lane wrote: >onestone wrote: > > > >>Hi Brian >> >>Perhaps you'd be better off with a DSP? I do use the MSP430 for DSP, but >>primarily for fairly simple filters, and, at 8k sample rate still can't >> >> > >Not to give too much away, but the code is for a DSP. The '430 has a TI >DSP's host port connected to a bunch of its I/O pins. The DSP code is >loaded into the DSP's RAM at bootup. Putting the DSP code into a '430 >with the fuse blown is a bit more secure than having it hanging out in a > flash attached to the DSP. > >Brian > > > Unless you need other peripherals of the MSP430, here another proposal for DSP firmware security: Combine a flash with a laser ID chip (Single Wire). Then you need the capability in the DSP firmware to read the ID. Then the firmware can modify itself during the first boot such as to boot and function later only with the unique id present (use ID for encryption). Imitating the ID chip is "impossible". In this way you can choose the flash you like, development is only for one processor (the DSP) and you have a true serial number built into your device. If you choose a singlewire temperature sensor as ID, you have the temperature sensor of the MSP430 replaced, too. Regards D. Teuchert -- Dipl.-Phys. Dieter Teuchert Software und Systeme Postanschrift: Telefon: Telefax: EMail Firma: EMail perslich: Internet: Rommelstr. 6 D-76571 Gaggenau Germany +49 7225 989253 +49 7225 989254 info@info... dieter@diet... _http://www.cadt.de_
Guru needed
Started by ●July 6, 2004
Reply by ●July 8, 20042004-07-08
Reply by ●July 8, 20042004-07-08
Dieter Teuchert wrote:
>
> Unless you need other peripherals of the MSP430, here another proposal
> for DSP firmware security:
>
> Combine a flash with a laser ID chip (Single Wire).
>
> Then you need the capability in the DSP firmware to read the ID. Then
> the firmware can modify itself during the first boot such as to boot and
> function later only with the unique id present (use ID for encryption).
> Imitating the ID chip is "impossible".
>
> In this way you can choose the flash you like, development is only for
> one processor (the DSP) and you have a true serial number built into
> your device. If you choose a singlewire temperature sensor as ID, you
> have the temperature sensor of the MSP430 replaced, too.
The problem is that the code is still in the flash, and some part of it
has to be 'in the clear' in order for the DSP to boot. It would be
nice
if TI had built a 'secure bootloader' into the DSP so that the flash
could be encrypted (or at least obscured to some degree).
The basic problem is that if the code passes across wires it can be
sniffed, disassembled and copied. The real solution is DSP's with
integrated flash for booting.
I should probably stop before I get into trouble for talking too much
(don't you just love working with closed source).
Brian
--
-----------------
Brian C. Lane (W7BCL) Programmer
www.shinemicro.com RF, DSP & Microcontroller Design
Reply by ●July 8, 20042004-07-08
onestone wrote: > Neat idea. Inefficient ;@} but neat. I have to admit security has never Thanks :) Its actually not too terrible, overhead for the load is minimal, being a start address and count and most of the code goes into contiguous memory so most of the usage is raw data. but it would be nice to have it compressed as well -- that's on the list of stuff to do as soon as there's time (or I totally run out of space). > been of huge concern to me in micros, having , for a while, specialised > in reverse engineering. It became obvious to me that functional > reproduction is far cheaper than expensive software cracks. The only > thing I do is have a few code or data tables that are real, but which, > when decoded show a copyright message. Other than that first in best > dressed, keep every code copy, and have the next 4 versions ready before > mk 1 gets released. A copyright notice is a must if you ever have to go to court to prove that someone has copied your code. On some older Motorola parts they had 'extra' opcode values that could be used to obscure some pieces of code, but in the end if you can read it you can copy it and you can eventually understand it and reproduce it. The '430 was a part we were already using and has the added benefit of having a large flash (most of which was not being used by '430 code) and the JTAG fuse blowing feature. We also looked hard at the LPC21xx series but they have no code protection at all. Brian -- ----------------- Brian C. Lane (W7BCL) Programmer www.shinemicro.com RF, DSP & Microcontroller Design
Reply by ●July 8, 20042004-07-08
On Thu, Jul 08, 2004 at 05:29:36PM +0200, Dieter Teuchert wrote:
> Unless you need other peripherals of the MSP430,
here another proposal
> for DSP firmware security:
>
> Combine a flash with a laser ID chip (Single Wire).
>
> Then you need the capability in the DSP firmware to read the ID. Then
> the firmware can modify itself during the first boot such as to boot and
> function later only with the unique id present (use ID for encryption).
> Imitating the ID chip is "impossible".
It is quite simple to imitate a Dallas one wire serial number chip (DS2401?)
by a PLD or even a faster microcontroller. They store just some bits, no
encryption, no special security. You just need to know the serial number
and as far as I remember the number is printed on the button-type case.
M.
Reply by ●July 8, 20042004-07-08
Matthias Weingart wrote:
> On Thu, Jul 08, 2004 at 05:29:36PM +0200,
Dieter Teuchert wrote:
>
>
>>Unless you need other peripherals of the MSP430, here another proposal
>>for DSP firmware security:
>>
>>Combine a flash with a laser ID chip (Single Wire).
>>
>>Then you need the capability in the DSP firmware to read the ID. Then
>>the firmware can modify itself during the first boot such as to boot and
>>function later only with the unique id present (use ID for encryption).
>>Imitating the ID chip is "impossible".
>
>
> It is quite simple to imitate a Dallas one wire serial number chip
(DS2401?)
> by a PLD or even a faster microcontroller. They store just some bits, no
> encryption, no special security. You just need to know the serial number
> and as far as I remember the number is printed on the button-type case.
The 2401 is a bit small to print the serial number on :> Its a 6 pin
SOIC(I think that's the package). Also, the full 64 bits aren't
unique,
there are 8 bits of family code and 8 bits of CRC8 checksum. The
remaining 48 bits are sequential from the factory, so figuring out a
range to brute force isn't too difficult.
But its better than nothing :)
Brian
--
-----------------
Brian C. Lane (W7BCL) Programmer
www.shinemicro.com RF, DSP & Microcontroller Design