Hi Felix,

It is my guess (based on understanding of information on LPC devices and history) that the two are the same. In other words, the LPC comes out of RESET with JTAG enabled (so you can recover when the on-chip flash is NBG). The only way to stop JTAG debugging is to actively disable it on reset, and this is exactly what the boot loader is doing.

If this is true (and I say "if" because I have not got into further disassembling the rest of the boot loader for the 2148 part) the Boot Process Flow Chart on page 295 of the 214x user manual is flawed. It would be untrue to claim that the boot loader enables JTAG if CRP is not enabled. The boot loader disables JTAG first, and then enables it if CRP is not enabled. Dominic, in a later post, has explained how this can compromise CRP.

As to your last question, yes, I have been told this is possible. I have not done it, so I do not wish to comment on whether the method works.

Having got Philips to address the issue thus far was good, and I am just hoping we can get more issues relating to CRP out in the open for the benefit of all parties, including Philips.

I can see the LPC would fit well for use in security devices. IMO, as it stands, using this in a security context means Philips' software team is now in the trust domain. This is an unnecessary risk to take and increases the "attack surface area". This is why I am looking at replacing the boot loader, but Philips will not guarantee the part if this was done. (You would expect Philips to say this of course.) One could work around this limitation by reloading the part with the original boot loader should problems be found in any batch.

Jaya

--- In lpc2000@yahoogroups.com, "Felix" <felix_lazarev@y...> wrote:
>
> --- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:
> >
> > Thank you for confirming JTAG is enabled upon reset before any code is
> > executed in a "virgin" device. This confirms what my client has been
> > telling me all along.
> >
>
> I think you're mixing 2 things --- JTAG after reset and JTAG on a "virgin" device.
>
> 1) According to the user manual, '0x00000000' is written into every pinselect register when reset is low, thus switching JTAG/GPIO pins into GPIO mode inputs.
>
> 2) I assume that a "virgin" device behaves differently with GPIO; this can be done using the simplest 32 AND gate circuit.
>
> 3) However -- Philips did not comment on my previous statement ---
> IS THERE a way to reprogram BOOT on CRP enabled devices w/o erasing all sectors? (by using the boot update procedure with a patched boot)
> If there is such a possibility -- then I consider this CRP insecure, and not effective enough.
>
> Dixi.
Re: Flash Security Clarification
2005-12-23 by jayasooriah