Lpc2000

Just because Philips says something doesn't mean that it's true - they may be 
holding information back, for whatever reason. This isn't a bad thing by 
itself. But the LPC's have undocumented functionality, and that's what makes 
people curious.

That said, I believe possible attacks on their CRP are very limited. Given the 
bootloader code is free of bugs there is no way of having the bootloader 
and/or sector 0 changed without destroying all the other flash content, too.

The JTAG comes up enabled, when the chip leaves reset, but it is disabled 
within a few microseconds. I've fed continous TCK cycles into the device (TMS 
high), and about 250us after the external reset was deasserted, the pulses 
are returned on RTCK. Another 2 us later, RTCK turns quiet again, until about 
30us have passed. This was on a device with CRP disabled, and fits to what is 
written in the user manual and the first few instructions of the bootloader 
code.

Regards,

Dominic

On Sunday 25 December 2005 19:10, rtstofer wrote:
> Seems to me there is a whole lot of guessing going on with not one
> reproducible example of CRP failing for those versions in which CRP
> was implemented.
>
> Philips has stated that CRP functions properly.  In my view, that is
> sufficient until someone PROVES with a documented, reproducible,
> example that it does not.  No guesswork, no suppositions, no what
> if's, just a documented, reproducible example.  No amount of testing
> can prove that it does work but it only takes one example to prove it
> doesn't.
>
> Richard