Yahoo Groups archive

Lpc2000

Re: Bootloader / CRP summary update

2006-01-06 by unity0724

Many thanks for the summary and conclusion, and for the clarifications
showing "no simple way of cracking the read protection."

I would suggest that maybe a portion of the bootloader should be locked
up permanently, such that no user could reverse/disassemble
the bootloader completely.  =>

- Break down bootloader flash into 2 segments/sectors,
- After power up, ARM7 runs on segment #0, immediately
   disables JTAG
- After doing all the secret chip initialization, disabling of
   some chip features, switch to segment #1
- Bootloader disables segment #0; this is sticky disabling and
   could only be cleared by reset or WDT
- Sticky bit also disables bootloader update, fulfilling some
   engineers' high expectation that the bootloader will NEVER be corrupted
- Enable JTAG now if needed, proceed to normal boot
   loader functions...
- All user functions like flash programming are in segment #1

Nobody could predict what hackers will do after disassembling the
boot loader, so why not lock a portion of it up permanently? The only
drawback is that users like us can no longer upgrade the bootloader easily.

===================================
Secondly, it may be good to build in a very, very simple MMU on LPFQ144
in future...
- All flash+ram+bootloader inside the chip are supervisor mode
- whatever is outside the chip is user mode
- I/O is not protected.
(better if it can be a pointer dividing internal flash memory into 2)

It will be good for:
- Someone to come out with a very nice LPC2xxx educational kit
- Some "Open Platform" OEM board builder.

Regards


--- In lpc2000@yahoogroups.com, "philips_apps" <philips_apps@y...> wrote:
>
> For reference the posting we did on Dec 22
> ----
> 1) Am I right in assuming LPC2000 CRP is a software fence implemented
> in the supplied boot loader code?
> 
> Partially. It is a combination of Hardware and Software supplied in
> the bootloader code. Application running in micro has full access to
> the entire memory space.
> 
> 2) I am going to replace the Philips bootloader. I have figured out
> how to do it.
> 
> Replacing the Philips bootloader is not recommended. It hides the
> underlying hardware and allows Philips to use new flash technologies
> without impacting the end user. Philips Bootloader may reside in ROM
> or write/erase protected flash making replacement impossible. In
> LPC2101/2/3 the bootloader resides in on-chip ROM.
> 
> 3) How is Bootloader programmed for the first time?
> 
> Via JTAG on a tester. JTAG is accessible in virgin devices. Once
> bootloader is programmed and CRP is enabled the tester can't access
> the JTAG.
> 
> 4) CRP in devices with internal flash and external bus.
> 
> The bootloader prevents external boot if CRP is enabled. User
> Application residing in on-chip flash which needs to be protected
> should not execute code from external memory.
> 
> 5) Can bootloader write/erase itself?
> 
> No.
> 
> 6) Can bootloader get corrupted?
> 
> Very unlikely if IAP/ISP calls are used for flash programming.
> Very likely if Flash programming interface registers are directly
> accessed for flash programming.
> 
> 7) Can Philips comment if Quick-Pulse parallel programming can void
> CRP?
> 
> First of all there is no Quick-Pulse parallel programming option for
> ARM based micros. We are sorry for not making clear what is meant by
> "Parallel Programming" for ARM based micros. Parallel programming for
> ARM based micros just means that the device can be mass programmed in
> a commercial programmer. Parallel programmers still use JTAG and/or
> ISP and go through the bootloader IAP routines to program the on-chip
> flash. It does not matter how a part is programmed. If CRP is enabled
> it will remain enabled once the part is programmed. If CRP is enabled
> a parallel programmer can't access the flash unless it erases the
> whole flash. Same applies to the ISP utility and JTAG based
> debuggers.
> 
> 8) Is CRP option available for 2104/05/06?
> 
> Not yet.
> 
> 9) Devices with external memory bus can be forced to boot from
> external memory?
> 
> ONLY if CRP is NOT enabled or NO internal flash present. Also see (4).
> 
> 10) Can I tell client Philips has confirmed CRP is not voided by PP?
> 
> Yes. Also see (7).
> 
> 11) How do I reprogram a CRP enabled part?
> 
> Erase all user sectors in one go via ISP. You can reprogram it after a
> power cycle.
> Please note that the protected code vanished and was not visible to a
> "spy" or "praying eyes".
> 
> --------
> 12) Can JTAG be or remain enabled through clocking the CPU slowly
> and JTAG fast during the initial time window after reset where JTAG
> is enabled?
> 
> No, the clock for JTAG and the CPU are synchronized on these devices.
> There are not enough JTAG clocks to control the CPU before the JTAG
> gets disabled by the bootloader software.
> 
> 13) Can the bootloader update be performed when CRP is enabled?
> 
> No, the bootloader update uses commands like copy RAM to Flash which
> is disabled when CRP is enabled. The message will be that there is
> no communication possible.
> 
> 
> Comment to Robert Adsets posting:
> It is correct that support efforts would be significantly higher
> with published source code of the bootloader and let me add without
> adding any benefits to you, our customers.
>
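
Added example, not part of the original posts and not Philips code: a host-side check that a release image really has CRP switched on, and will be accepted by the bootloader, before it is handed to a programmer. It assumes the single-level CRP key 0x87654321 at flash offset 0x1FC and the valid-user-code vector checksum at 0x14 as given in the LPC2000 user manuals (neither value appears in this thread); `audit_image` and `make_sample` are hypothetical names and the sample images are constructed.

```python
import struct

CRP_OFFSET = 0x1FC      # assumption: CRP key location in on-chip flash
CRP_KEY = 0x87654321    # assumption: value that enables (single-level) CRP
MASK = 0xFFFFFFFF

def vectors_valid(image):
    """Valid-user-code test: the eight ARM vectors must sum to 0 mod 2^32."""
    words = struct.unpack_from("<8I", image, 0)
    return (sum(words) & MASK) == 0

def fix_vector_checksum(image):
    """Return a copy with the reserved vector at 0x14 set so the sum is zero."""
    buf = bytearray(image)
    struct.pack_into("<I", buf, 0x14, 0)
    total = sum(struct.unpack_from("<8I", buf, 0)) & MASK
    struct.pack_into("<I", buf, 0x14, (-total) & MASK)
    return bytes(buf)

def audit_image(image):
    """Return a list of findings for a raw flash image (empty list = OK)."""
    if len(image) < CRP_OFFSET + 4:
        return ["image shorter than 0x200 bytes: CRP word is never programmed"]
    findings = []
    if not vectors_valid(image):
        findings.append("vector checksum invalid: bootloader will not start user code")
    (crp,) = struct.unpack_from("<I", image, CRP_OFFSET)
    if crp == 0xFFFFFFFF:
        findings.append("CRP word erased (0xFFFFFFFF): flash readable via ISP/JTAG")
    elif crp != CRP_KEY:
        findings.append(f"CRP word 0x{crp:08X} does not match the assumed key")
    return findings

def make_sample(crp_word):
    """Constructed 512-byte image: branch-to-self vectors plus a chosen CRP word."""
    buf = bytearray(b"\xff" * 0x200)
    for i in range(8):
        struct.pack_into("<I", buf, 4 * i, 0xEAFFFFFE)   # ARM 'b .'
    struct.pack_into("<I", buf, CRP_OFFSET, crp_word)
    return fix_vector_checksum(bytes(buf))

if __name__ == "__main__":
    for name, word in [("protected", CRP_KEY), ("unprotected", 0xFFFFFFFF)]:
        print(name, audit_image(make_sample(word)) or "OK")
```

Run it on the final binary that goes to the programmer, not on an intermediate build output, since a later post-processing step can rewrite either word.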
