Hi Robert,

IMHO the LPC2xxx* should be regarded as safe until someone claims to have _broken_ copy protection, not just come up with a theoretical line of attack. And let's hope they say which line of attack was vulnerable.

*excluding LPC2104/5/6

But I think ROM/FLASH might make a difference. Because Philips must somehow get the bootloader into FLASH.

- It might be that the JTAG is enabled at reset and the bootloader _must_ turn off protection before a JTAG attack can take place. And a blank flash bootloader does not do this.

- It might be that Philips put in an extra probing pad (not bonded out) that controls whether the JTAG is enabled or disabled at reset (and it is merely a matter of belt-and-braces as to why the bootloader explicitly re-disables it).

= With a substitute bootloader, one could omit that disabling and test the state of JTAG at hard reset before the bootloader has touched it.

With bootloader in ROM, as unity said, the Philips trap-door (which might or might not be exploitable by an attacker) is not necessary. But I have no way of knowing if Philips would remove such a trap-door assuming one exists.

Regards,
Danish

--- In lpc2000@yahoogroups.com, Robert Adsett <subscriptions@...> wrote:
>
> At 03:22 PM 4/23/06 +0000, unity0724 wrote:
> >I'm only curious to find out if the JTAG is default as Enabled
> >for the ROM based LPC2103. (Since bootloader is on ROM and they
> >can default the JTAG to OFF).
>
> Whether the bootloader is in ROM or FLASH makes little practical difference
> to what it can do. If it's in ROM the only real difference is that it
> can't be written over. Which means it can't use that same memory area to
> store parameters and it can't be updated in place.
>
> That does mean it's more difficult to trash the bootloader, which is a good
> thing.
>
> Robert
Message
Re: CRP (Code Read Protection) investigation by stepping through the boot loader
2006-04-23 by Danish Ali