On Monday 24 April 2006 11:16, John Heenan wrote:
> Here are the first eight instructions on my LPC2148, including the
> first five which have nothing to do with disconnecting the JTAG port.
>

Exactly - either because of different bootloader versions, or because Jaya mixed up LPC2148 and LPC229x bootloader code. But as it really doesn't matter if disabling JTAG is the first or the third thing, I don't think it's worth discussing this any further.

> Sounds like an indirect assertion Jaya has no idea what he is talking
> about.
>

I'd prefer not to make this personal, but yes, I don't think it's a good idea when he keeps asserting that CRP could be broken using JTAG before the bootloader had a chance to disable it.

> There is no difference in this context. A fuse is just a label. The
> fuse still represents non volatile memory storage. Ultimately all
> memory storage have their contents grabbed by hardware after setting
> up bus signals, be that by software or hardware.
>

Wouldn't it be possible to have non-volatile memory bits that can be "read" without requiring address decoding logic and timing requirements necessary with flash memory? Of course everything is ultimately grabbed by hardware, but having the decision in hardware would harden security in my opinion.

> > I don't understand why you're repeating this claim again and again.
> > At least I haven't seen any evidence that suggests that what you're
> > saying is true - at least not for the LPC2294.
>
> In the context of the speculative nature of the postings, I don't
> understand why you have a problem with this statement. Lack of
> concrete evidence has never been a problem for Jaya, so why can't I
> present a sensible and obvious credible possibility that I have no
> concrete evidence for, while accepting it is just a possibility. It
> is not normal for semiconductor companies to publicly document the
> entire internal bus workings of their products, least of all security
> mechanisms.
>

I have a problem with your statement because of evidence that it is wrong for the LPC2294 (which is the only one I have), and serious doubts that the LPC2148 is different. One thing that could change my mind would be a positive effect of writing 0x87654321 to the CSPR. Of course this remains hypothetical if the CSPR turns out to be a write-once register (it obviously isn't read-only, as the bootloader writes it at least once).

> I am not able to confirm your statements about the LPC2294.
>

Okay, you can't confirm it, but do you agree that: If there's nothing (on a LPC2294) enabling debug bus signals to act, they've been enabled since the beginning?

> John Heenan

Regards,

Dominic Rath
Message
Re: [lpc2000] Re: CRP (Code Read Protection) investigation by stepping through the boot loader
2006-04-24 by Dominic Rath