Lpc2000

Still nothing concrete or specific.

It is irresponsible to carry on a thread implying there are CRP 
exploits using JTAG

For those with an elementary knowledge of microcontroller 
architecture it is easy to understand that on reset a signal can be 
raised that blocks debug break signals from JTAG and that this 
blocking action will require a specific action to clear. This might 
be called a very effective 'child proof' lock.

It is extraordinarily bad form to imply in a title that CRP exploits 
with JTAG exist. Many will not read beyond the subject title.

I have said this before and I will say it again. What is the real 
agenda?

John Heenan



--- In lpc2000@yahoogroups.com, Jayasooriah <jayasooriah@...> wrote:
> 
> I would not assume CRP is safe just because nobody has posted a 
JTAG 
> exploit in this forum.  I would enumerate threats, then assess each 
threat 
> in terms of risks and costs.  Putting your product in student 
laboratories 
> is a very different ball game to sending them out to some country 
that does 
> not have enforceable copyright laws.
> 
> IMO, JTAG window has too large an attack surface area to consider 
it safe 
> for most (if not all) of the requirements I have had to evaluated.  
Adding 
> to this, the fact that boot loader code is closed and comes with no 
> certification of any kind makes CRP no more than "child proofing" 
as one 
> poster put it.
> 
> Regards
> 
> Jaya