Don,

we all respect engineers who come up with facts, do measurements, experiments to sustain their theories but let's be real, so far we got a memory dump of an LPC2104 bootloader, which by no means has any security options according to Philips. This is about as irrelevant as it can be within the LPC2000 family because ALL other members do have a security option. We also got many hypothetical constructs with little or no facts based on LPC silicon but on "experience with ARM and JTAG".

This has been discussed way longer than the shelf life and it really starts to smell. I absolutely second Heenan and Tom that 2 months of discussions with probably 200-300 posts, half of all from one person, are too much of the good thing.

If someone really sees CRP fail I am the first who wants to know, but until then we have read enough about theories that were not even followed up with a practical test by the same person. Are we all the students of an academic that comes with theories and asks us to do the work to prove him wrong!?

I really try to be fair here but let's go on with life and focus on work, please.

A not so cheerful Bob

p.s. I know I will get flamed for this post but at least most of my postings are based on facts, experiments and measurements.

--- In lpc2000@yahoogroups.com, "Don Williams" <donw@...> wrote:
>
> Heenan,
> We others, who also have half a brain, appreciate the energy in this examination and hope it proves that we all KNOW such security is tight, but we embrace those who have the energy to question - and that of others who with detailed rebuttal prove we are safe with a chippie we all respect - or we wouldn't be here.
>
> May I and others who understand no chip of this complexity can have ZERO BUGS offer our respect, affection and support for the designers who struggle to produce good silicon - and to others who perform exhaustive and publicly published testing of same. And I'm sure the testers - who have more than half a brain in my analysis, also have respect and affection for the designers.
> The Yin and the Yang.
> Like democracy we debate and through our debate we build something stronger.
> We share our minds.
>
> So stuff ur religious politics up your Kwazoo - and pass it on to G W Bush.
>
> Europe will be stronger, because wider separated minds will share a wider experience.
> Provided we debate.
> Religion tries to make all minds the same and those societies who weaken to religion will wane.
>
> SO QUESTION REALITY ... analyse ur lovin..as the song goes ...you may appreciate it more ... or get something better quicker....
>
> Rgds to all this sunny morn from downunder.
>
> DonW
>
> ----- Original Message -----
> From: "John Heenan" <l10@...>
> To: <lpc2000@yahoogroups.com>
> Sent: Friday, February 10, 2006 12:24 AM
> Subject: [lpc2000] Silly and irresponsible title Re: CRP exploits using JTAG
>
> > Still nothing concrete or specific.
> >
> > It is irresponsible to carry on a thread implying there are CRP exploits using JTAG.
> >
> > For those with an elementary knowledge of microcontroller architecture it is easy to understand that on reset a signal can be raised that blocks debug break signals from JTAG and that this blocking action will require a specific action to clear. This might be called a very effective 'child proof' lock.
> >
> > It is extraordinarily bad form to imply in a title that CRP exploits with JTAG exist. Many will not read beyond the subject title.
> >
> > I have said this before and I will say it again. What is the real agenda?
> >
> > John Heenan
> >
> > --- In lpc2000@yahoogroups.com, Jayasooriah <jayasooriah@> wrote:
> > >
> > > I would not assume CRP is safe just because nobody has posted a JTAG exploit in this forum. I would enumerate threats, then assess each threat in terms of risks and costs. Putting your product in student laboratories is a very different ball game to sending them out to some country that does not have enforceable copyright laws.
> > >
> > > IMO, JTAG window has too large an attack surface area to consider it safe for most (if not all) of the requirements I have had to evaluate. Adding to this, the fact that boot loader code is closed and comes with no certification of any kind makes CRP no more than "child proofing" as one poster put it.
> > >
> > > Regards
> > >
> > > Jaya
Message
Silly and irresponsible title Re: CRP exploits using JTAG
2006-02-10 by lpc2100_fan