Hello, Robert.

On the topic of protection, I just want to throw this out as a cautionary note. The method of code protection that Philips is proposing for the LPC family looks good, but I see at least one good attack on it. Namely, a trojan horse. Since the programming firmware is not to be touched by the normal programmer/developer, we're prone to not even look at it.

A clever attacker could take a target system, blank the chip, load in new code which overwrites the boot code provided by Philips. Such a design will require reading and understanding the Philips code and designing a reasonable substitute. The difference would be that it would only act like it prevented readback of code after protection was set. Via some special sequence, the boot code would read out the FLASH.

So, the attack goes:

1) buy the target device
2) blank and reprogram the flash
3) return it as broken and ask for it to be reprogrammed (may require some social engineering)
4) send it back and let them reprogram it
5) receive 'fixed' unit and read out FLASH with special sequence.

So, when repairing failed units, you may want to take an extra step to ensure that this kind of attack hasn't occurred--load in a quick program that does a checksum on the bootblock and gives back a thumbs up/down indication of tampering.

Also, this kind of attack could be launched through a supply chain. Be careful who you buy your chips from and where they get them from.

This just crossed my mind as I was drifting off to sleep last night, so I thought I'd share it so that it doesn't have to keep anyone else up.

Cheers,
David
Message
Re: [lpc2000] Protection
2004-03-03 by David Willmore
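
The bootblock check suggested in the message, as an added example that is not part of the original post and not Philips code: a small C routine that computes a CRC-32 over a memory region and compares it with a value recorded from a known-good part. The region address and length, the golden value and all function names are assumptions, and the sample buffer is constructed so the code runs on a host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320).
 * No lookup table, so it fits in a very small test program. */
uint32_t crc32_region(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Thumbs up (1) if the region matches the golden CRC, thumbs down (0) if not.
 * Assumption: base/len describe the boot block as documented for the part,
 * and golden_crc was recorded from a trusted, factory-fresh device. */
int bootblock_ok(const uint8_t *base, size_t len, uint32_t golden_crc)
{
    return crc32_region(base, len) == golden_crc;
}

/* Constructed stand-in for a boot block image (not real boot code). */
static uint8_t sample_block[64];

/* Returns 1 if an intact image passes and a one-byte patch is rejected. */
int demo_detects_patch(void)
{
    for (size_t i = 0; i < sizeof sample_block; i++)
        sample_block[i] = (uint8_t)(i * 7u + 3u);
    uint32_t golden = crc32_region(sample_block, sizeof sample_block);

    int intact = bootblock_ok(sample_block, sizeof sample_block, golden);
    sample_block[17] ^= 0x01;            /* simulate a replaced boot routine */
    int patched = bootblock_ok(sample_block, sizeof sample_block, golden);
    return intact == 1 && patched == 0;
}

int main(void)
{
    printf("tamper check demo: %s\n", demo_detects_patch() ? "pass" : "FAIL");
    return 0;
}
```

On a target, the check has to read the boot block directly and be loaded by a path that does not depend on the resident boot code it is checking. A CRC only catches modifications that were not crafted to preserve it, so a byte-for-byte comparison against a trusted image or a cryptographic hash is the stronger check.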