Lpc2000

You're getting me worried..

I also have to support ISP without P0.14 - absolutely no choice and 
not an issue of saving a pin - it is the fact that the chip is in a 
sealed and protected casing containing a high security key (which 
gets wiped out if the case is opened, drilled into, sujected to to 
high/low temperatures etc. It is too dangerous to allow the ISP line 
to be accessible from outside otherwise some smart-alec will use it 
to load a program to simply read and send out the secret key.

First I was monitoring the Rx line using a PIC but it got too messy 
and space requirements made me remove it and connect the ISP line to 
VDD - the solution being to request the processor to go to download 
mode before which it also destroys the key information and then 
deletes the first sector. Turning one and off power then 
automatically enters the ISP mode and new code can be loaded (of 
course a new key will also have to be loaded afterwards, but that is 
what we want - only when the key has been loaded is the issue safely 
sensitive again..)

I thought that the check sum over the interrupt vectors was 
calculated and written automatically by the device at the end of an 
ISP download. Is there evidence that this technique can fail if the 
ISP download is aborted before it has completed? (valid interrupt 
vector check sum without any code). Perhaps we should experiment a 
little to avoid getting caught out.

Any expert out there who know the exact answer????

Cherrs

Mark Butcher
www.mjbc.ch


Replying to the comment...

> >Here's a thought, how about reading sector zero into RAM and 
erasing
> >the location corresponding to location 0x14 in flash (valid code
> >ID).  Then erase sector zero and write back the modified version 
from
> >RAM.  That way you have cleared the valid code ID and the next 
reset
> >will result in entry into ISP mode.
> 
> I don't think that's any more effective than simply erasing the 
first 
> sector, although it does give it a longer period to run between 
being made 
> invalid and actually requiring a reload.  It doesn't get rid of 
the basic 
> vulnerability of trying to set up ISP w/o access to P0.14 though.  
If you 
> only get partway through reloading the flash (say you erase the 
device and 
> program the first two sectors) you end up with a device with an 
invalid 
> program that 'thinks' it has a valid program.  You can't force it 
into ISP 
> mode in hardware and there isn't enough program left to shift it 
into ISP 
> mode  in software.
>