Re: Flash Security Clarification --- some sad facts

2005-12-25 by rtstofer

--- In lpc2000@yahoogroups.com, Dominic Rath <Dominic.Rath@g...> wrote:
>
> Just because Philips says something doesn't mean that it's true - they may be
> holding information back, for whatever reason. This isn't a bad thing by
> itself. But the LPC's have undocumented functionality, and that's what makes
> people curious.
>
> That said, I believe possible attacks on their CRP are very limited. Given the
> bootloader code is free of bugs there is no way of having the bootloader
> and/or sector 0 changed without destroying all the other flash content, too.
>
> The JTAG comes up enabled, when the chip leaves reset, but it is disabled
> within a few microseconds. I've fed continuous TCK cycles into the device (TMS
> high), and about 250us after the external reset was deasserted, the pulses
> are returned on RTCK. Another 2 us later, RTCK turns quiet again, until about
> 30us have passed. This was on a device with CRP disabled, and fits what is
> written in the user manual and the first few instructions of the bootloader
> code.
>
> Regards,
>
> Dominic

But you haven't proven that CRP doesn't work.  The only important 
result is when you successfully grab the code from a protected 
device and document the attack so it can be reproduced.

The questions have been asked and answered; CRP works.  The 
alternative to accepting that assertion is to choose another 
device.  There are a lot of them around.

But, every device has warts and every device can be attacked with an 
SEM if it is worth the effort.  Even when the flash is buried 
beneath an oxide layer (Microchip).  Sure, it's harder (impractical, 
even) but not impossible.  It just has to be worth the cost of the 
attack.

The only exception is an FPGA loaded from a removable boot loader.  
Lose power; lose configuration and crypto keys.  And even the boot 
loader uses encryption during configuration transfer.  Reference 
Xilinx re: crypto applications.

Richard
