There is a technique called JTAG boundary scanning. From memory (I did this some years ago), boundary scanning does not require the target to come out of reset. In such a system, the "enemy" is all over the code long before the processor even wakes up, and thus how quickly it takes to secure flash becomes irrelevant.

Incidentally, the unavailability of BSDL files (for LPC devices) does not prevent this type of attack. There are methods by which one can "discover" boundary architecture by blind scanning.

Philips needs to release a lot more information relating to its CRP implementation and be more forthcoming with describing things as they are, not as they like us to believe (referring to "enabling" JTAG in the boot loader) before I would consider CRP as anything more than just a marketing gimmick.

Having said this, the issue with the boot loader is that because Philips will not publish its boot loader code, we never know what is hidden in there that can be exploited by any would-be attacker to void security features.

The 'T' command that exists in the 2104/5/6 boot loader that Philips has not documented in any of the user manuals is one example. What *is* this command there for and why is Philips not telling us about it?

I prefer not to say more about the 'T' command until Philips has had an opportunity to respond to my question in the new year.

Meanwhile, may your holiday break be happy and safe, and may the new year bring you more happiness and even more prosperity.

Best wishes to all ...

Jaya

--- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> => Is there another way to force load+run code from RAM when both
> JTAG and ISP command are disabled??
> Thanks, and Regards /MH
>
Re: Flash Security Clarification --- some sad facts
2005-12-25 by jayasooriah