Lpc2000

Hello,

My composition of the source code for LPC2105 boot loader revision
1.52 can be found at:

  http://www.cse.unsw.edu.au/~jayas/esdk/files/lpc/2105.s

I had to do this to replace the boot loader supplied so as to stop my
students from killing their USB-LPC boards. There is enough in the
source file for anyone interested to write your own boot loader.

Anyone interersted in playing with the source should look at related
documentation (works in progress) higher up the tree.  You will find I
have a simple tool you can use to dump LPC boot sector (both 8K and
12K sizes) of the part you are using.  I will finish up to disasembly
section break for the holidays.

Although this is directed at a different audience to this group, your
input on errors, omissions and suggestions are most welcome.  Do feel
free to drop me an email with subject as "re: Boot Loader Internals".

Enjoy.

Jaya

In all your great wisdom you seem to have missed that the
LPC2104/2105/2106 can NOT be secured at all against reading the flash.
This is a well known fact and all findings in the LPC2105 about
security are absolutely worthless.
On top of that the 1.52 is an ancient version of the bootloader.

--- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:

>
> Hello,
> 
> My composition of the source code for LPC2105 boot loader revision
> 1.52 can be found at:
> 
>   http://www.cse.unsw.edu.au/~jayas/esdk/files/lpc/2105.s
> 
> I had to do this to replace the boot loader supplied so as to stop my
> students from killing their USB-LPC boards. There is enough in the
> source file for anyone interested to write your own boot loader.
> 
> Anyone interersted in playing with the source should look at related
> documentation (works in progress) higher up the tree.  You will find I
> have a simple tool you can use to dump LPC boot sector (both 8K and
> 12K sizes) of the part you are using.  I will finish up to disasembly
> section break for the holidays.
> 
> Although this is directed at a different audience to this group, your
> input on errors, omissions and suggestions are most welcome.  Do feel
> free to drop me an email with subject as "re: Boot Loader Internals".
> 
> Enjoy.
> 
> Jaya
>

Hi,

> From: lpc2100_fan [mailto:lpc2100_fan@...]
> Sent: 04 January 2006 08:31
> To: lpc2000@yahoogroups.com
> Subject: [lpc2000] Re: LPC Boot Loader Internals
> 
> 
> In all your great wisdom you seem to have missed that the
> LPC2104/2105/2106 can NOT be secured at all against reading the flash.
> This is a well known fact and all findings in the LPC2105 about
> security are absolutely worthless.
> On top of that the 1.52 is an ancient version of the bootloader.

You know, those are very harsh words.  He didn't claim that it would add
anything in your hunt to find fault in LPC code protection--it was
presented as a general resource and was used to help his situation.  He
also asked if anybody could help him by passing comment on omissions or
errors.  He said exactly which bootloader and which chip it came from,
and to dismiss this out of hand is not very generous.

Personally, I don't think it's worthless-it's interesting.

-- Paul Curtis

> --- In lpc2000@yahoogroups.com, "jayasooriah" 
> <jayasooriah@y...> wrote:
> >
> > Hello,
> > 
> > My composition of the source code for LPC2105 boot loader revision
> > 1.52 can be found at:
> > 
> >   http://www.cse.unsw.edu.au/~jayas/esdk/files/lpc/2105.s
> > 
> > I had to do this to replace the boot loader supplied so as 
> to stop my
> > students from killing their USB-LPC boards. There is enough in the
> > source file for anyone interested to write your own boot loader.
> > 
> > Anyone interersted in playing with the source should look at related
> > documentation (works in progress) higher up the tree.  You 
> will find I
> > have a simple tool you can use to dump LPC boot sector (both 8K and
> > 12K sizes) of the part you are using.  I will finish up to 
> disasembly
> > section break for the holidays.
> > 
> > Although this is directed at a different audience to this 
> group, your
> > input on errors, omissions and suggestions are most 
> welcome.  Do feel
> > free to drop me an email with subject as "re: Boot Loader 
> Internals".
> > 
> > Enjoy.
> > 
> > Jaya
> >
> 
> 
> 
> 
> 
> 
>  
> Yahoo! Groups Links
> 
> 
> 
>  
> 
> 
>

--- In lpc2000@yahoogroups.com, "lpc2100_fan" <lpc2100_fan@y...> wrote:
>
> In all your great wisdom you seem to have missed that the
> LPC2104/2105/2106 can NOT be secured at all against reading the flash.
> This is a well known fact and all findings in the LPC2105 about
> security are absolutely worthless.
> On top of that the 1.52 is an ancient version of the bootloader.

There is no mention of CRP for 2104/5/6, only "protection" of boot
loader from erasure.  The internals for 2148 part will cover CEP.

Also, 1.52 is the latest version loader for this part on Philips web.

LPC_Fan,
Dont be caustic - its not required and we are all watching this story unfold
with objectivity. Your emotional sarcasm denies you the credit of being
considered wise.
When Phillips  come back from Holidays they may - or they may not, put our
minds to rest.
At least Jaya will be able to discuss their argument at a level higher than
I have time to prepare for - and I love him for it.

The best outcome for me - and I assume for others, is that Jaya says "OK -
ur CRP strategy works " and then I have no need to worry.
But its GFREAT to test the Phillips design..and they should apprectiate it
as well.
Send the man champagne - a credit to my alma mater
Rgds
DonW

----- Original Message ----- 

From: "lpc2100_fan" <lpc2100_fan@...>
To: <lpc2000@yahoogroups.com>
Sent: Wednesday, January 04, 2006 7:30 PM
Subject: [lpc2000] Re: LPC Boot Loader Internals


> In all your great wisdom you seem to have missed that the
> LPC2104/2105/2106 can NOT be secured at all against reading the flash.
> This is a well known fact and all findings in the LPC2105 about
> security are absolutely worthless.
> On top of that the 1.52 is an ancient version of the bootloader.
>
> --- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:
> >
> > Hello,
> >
> > My composition of the source code for LPC2105 boot loader revision
> > 1.52 can be found at:
> >
> >   http://www.cse.unsw.edu.au/~jayas/esdk/files/lpc/2105.s
> >
> > I had to do this to replace the boot loader supplied so as to stop my
> > students from killing their USB-LPC boards. There is enough in the
> > source file for anyone interested to write your own boot loader.
> >
> > Anyone interersted in playing with the source should look at related
> > documentation (works in progress) higher up the tree.  You will find I
> > have a simple tool you can use to dump LPC boot sector (both 8K and
> > 12K sizes) of the part you are using.  I will finish up to disasembly
> > section break for the holidays.
> >
> > Although this is directed at a different audience to this group, your
> > input on errors, omissions and suggestions are most welcome.  Do feel
> > free to drop me an email with subject as "re: Boot Loader Internals".
> >
> > Enjoy.
> >
> > Jaya
> >
>
>
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>

It is still an apples and oranges discussion.  My LPC2106 has version 
1.52 of the boot loader.  The 2106 doesn't implement CRP nor is there 
any claim that it does or ever will.

The LPC2292/LPC2294 Product Datasheet in section 6.2 indicates that 
CRP wasn't implemented in the boot code until version 1.60 and the 
November 14, 2005 Errata for the 2294 mentions version 1.63 as being 
current in 2004.  Presumably, Philips is at or beyond 1.63.  Anyone 
with a device that implements CRP can find the boot loader version 
with the ISP Utility.


So, any tests or results on the 2106 are meaningless.  CRP was never 
implemented on this device and the boot code may never have been 
upgraded beyond 1.52 because the hardware doesn't support CRP.  This 
is a guess.  I bought my 2106 within the last 6 months but that 
doesn't mean the chip is recent manufacture.


One could draw a couple of likely incorrect conclusions.  The code 
protection is ALL firmware and the boot code totally implements it.  
Or, some hardware was added to the design of some devices (but not the 
2106) and the boot code takes advantage of the addition.

What shouldn't be done is mention any results of testing the 2106 and 
CRP in the same document.  Or mention any version of the boot code 
prior to version 1.60 because CRP wasn't implemented.

Richard

Hi, everybody, 
if you are only interested in CRP (Code Read protection), Please
ignore the following issues:
- Any disassembly of the bootloader, done on wrong LPC2105 chip
  with no protection
- Any undocumented commands on bootloader, e.g. 'T' command
- Any of the JTAG boundary scan 

Most people here have come to conclusion of the following, and
waiting for philips reply:
=>> Is the JTAG port enabled by hardware (if P1.26/P1.20 pulled low) 
after chip reset??
(*****  PLEASE FOCUS ON THIS ISSUE   *******)

Case 1) If JTAG port enabled by hardware automatically
- Hardware copies the state of P1.26/P1.30 and updates PINSEL2
  after reset.
- For CRP, the bootloader have to read location 0x1fc early and
  disables JTAG ports if CRP enabled
- This gives a hacking window of JTAG port not disabled between
  reset and before bootloader disabling it.
- The hacking windows could be "ENLARGE" by clocking the ARM CPU at
  much lower clock speed.  i.e. 10KHz
- You could send in all the JTAG commands in that window then and
  controls the ARM7 CPU...
- For manufacturing, Philips could use the JTAG port to program
  very first copy of bootloader when the chip is completely empty.

Case 2) If JTAG port is NOT enabled by hardware automatically
- PINSEL2 is cleared after reset.  All JTAG port are disabled by
  default.
- The bootloader have to read location 0x1fc and P1.26/P1.30 and
  enables JTAG ports accordingly
- The chip is well protected.   There is no way to read back code
  from JTAG port (unless and until bootloader enables it).
- For manufacturing, Philips must have "another way" of programming
  the chip (may be parallel programming).    Since there is no boot
  loader code when manufactured, plus JTAG is disabled after reset
  and cannot be used to write first copy of bootloader.
- As long as Philips keep secret of this "alternate flash 
  programming" method.   We are safe...
  (but Keep in mind that those chips are probably manufactured in
  TSMC-Taiwan or MXIC-Taiwan :)  )

Pls just sit back, relax and wait for philips answer...
they can run, buy-time but they cannot hide....  Heehee...

If philips "screw up" on this, affected parts will mostly be on 
LPC2114-LPC2194 and LPC2212-LPC2294 (all could be same silicon). 
They might have fixed the problem on LPC213x and LPC214x...



--- In lpc2000@yahoogroups.com, "rtstofer" <rstofer@p...> wrote:
>
> It is still an apples and oranges discussion.  My LPC2106 has 
version 
> 1.52 of the boot loader.  The 2106 doesn't implement CRP nor is 
there 
> any claim that it does or ever will.
> 
> The LPC2292/LPC2294 Product Datasheet in section 6.2 indicates 
that 
> CRP wasn't implemented in the boot code until version 1.60 and the 
> November 14, 2005 Errata for the 2294 mentions version 1.63 as 
being 
> current in 2004.  Presumably, Philips is at or beyond 1.63.  
Anyone 
> with a device that implements CRP can find the boot loader version 
> with the ISP Utility.
> 
> 
> So, any tests or results on the 2106 are meaningless.  CRP was 
never 
> implemented on this device and the boot code may never have been 
> upgraded beyond 1.52 because the hardware doesn't support CRP.  
This 
> is a guess.  I bought my 2106 within the last 6 months but that 
> doesn't mean the chip is recent manufacture.
> 
> 
> One could draw a couple of likely incorrect conclusions.  The code 
> protection is ALL firmware and the boot code totally implements 
it.  
> Or, some hardware was added to the design of some devices (but not 
the 
> 2106) and the boot code takes advantage of the addition.
> 
> What shouldn't be done is mention any results of testing the 2106 
and 

> CRP in the same document.  Or mention any version of the boot code 
> prior to version 1.60 because CRP wasn't implemented.
> 
> Richard
>

Hello,

On Wednesday 04 January 2006 17:50, unity0724 wrote:
> Case 1) If JTAG port enabled by hardware automatically
> - Hardware copies the state of P1.26/P1.30 and updates PINSEL2
>   after reset.
> - For CRP, the bootloader have to read location 0x1fc early and
>   disables JTAG ports if CRP enabled
> - This gives a hacking window of JTAG port not disabled between
>   reset and before bootloader disabling it.
> - The hacking windows could be "ENLARGE" by clocking the ARM CPU at
>   much lower clock speed.  i.e. 10KHz
> - You could send in all the JTAG commands in that window then and
>   controls the ARM7 CPU...
> - For manufacturing, Philips could use the JTAG port to program
>   very first copy of bootloader when the chip is completely empty.
>
JTAG is enabled after the chip comes out of reset, and it is disabled on the 
third instruction. I've tested this by applying a continous TCK and 
monitoring the output (see my posts in the original thread). The bootloader 
then checks the value present at 0x1fc, and reenables JTAG if it didn't find 
the 0x87654321.
You can't exploit this window because on ARM7TDMI-S cores the JTAG input is 
synchronized with the processor clock (hence the RTCK carrying a synchronized 
version of TCK).

Kind regards,

Dominic

--- In lpc2000@yahoogroups.com, Dominic Rath <Dominic.Rath@g...> 
> You can't exploit this window because on ARM7TDMI-S cores the JTAG 
> input is synchronized with the processor clock (hence the RTCK
> carrying a synchronized version of TCK).
> 
> Dominic
>

Hi, Many Thanks to your feedback...
If you can confirm hackers can't exploit that window, I believe
the chip could be read protected properly.

The others issues:
- Any undocumented command, i.e. 'T' commands
- JTAG boundary scans
could be protected by the bootloader, as long as bootloader
disables them when CRP enabled.

Reverse disassembly of bootloader is of no use in hacking the chip.
Regards

Hi Richard,

You are correct in saying the firmware (meaning boot loader code) is
an important component of CRP.  In fact, it is a CRITICAL component.

One keeps the computer system secure by not running any code that has
not been certified.  The also applies to LPC device.

The boot loader code in 1.52 of 2105 is no different with respect to
its structure and vulnerabilities to that in 2.01 for 2148 that has
CRP features.  [I do not yet have a 2148, and hence I have not (yet)
put up my findings for 2148.]

I have made it clear in my totoria on Boot Loader Internals:

"It has never been the intention of this tutorial to make claims
about, or expose flaws in, the security features of the
microcontroller and/or the boot loader code."

However, as the boot loader critical to the CEP security has you have
pointed out, it is relevant.  It is not like apples and oranges, but
more like hands and gloves.

Kind regards,

Jaya

--- In lpc2000@yahoogroups.com, "rtstofer" <rstofer@p...> wrote:

>
> It is still an apples and oranges discussion.  My LPC2106 has ...
>
> ... The code 
> protection is ALL firmware and the boot code totally implements it.  
> Or, some hardware was added to the design of some devices (but not the 
> 2106) and the boot code takes advantage of the addition.
> 
> What shouldn't be done is mention any results of testing the 2106 and 
> CRP in the same document.  Or mention any version of the boot code 
> prior to version 1.60 because CRP wasn't implemented.
> 
> Richard
>

--- In lpc2000@yahoogroups.com, Dominic Rath <Dominic.Rath@g...> wrote:
> JTAG is enabled after the chip comes out of reset,
> and it is disabled on the third instruction.

I have stated this from disassembling the code.

> I've tested this by applying a continous TCK and 
> monitoring the output (see my posts in the original thread).
> The bootloader then checks the value present at 0x1fc,
> and reenables JTAG if it didn't find the 0x87654321.

Disassembly is proof enough.  No need for testing.

> You can't exploit this window because on ARM7TDMI-S cores
> the JTAG input is synchronized with the processor clock
> (hence the RTCK carrying a synchronized version of TCK).

Is this is documented anywhere?

While it takes just one test to show a security vulnerability, is not
feasible (or valid) to claim a system is secure (or assure quality) by
testing alone.

There is a lot more that can be done via the JTAG inteface than what
is documented.

> Kind regards,
> 
> Dominic
>

--- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> Reverse disassembly of bootloader is of no use in hacking the chip.
> Regards

If this is true, Philips would have provided us with source for the
boot loader.

You do not expect Philips to build defects into the boot loader.  It
does not follow however that there are no defects, or that they cannot
be exploited.

In a regime where obscurity is critical component of security,
exposing internals is a high security risk.

Jaya

Jaya,

http://www.arm.com/pdfs/DDI0234A_7TDMIS_R4.pdf
Chapter B3 about synchronized clock

Somebody at Philips went through some effort and wrote a very nize
summary on Dec 22

This should give you a good idea why the bootcode is not available in
source code:

----  quote  -------
2) I am going to replace the Philips bootloader. I have figured out
how to do it.

Replacing the Philips bootloader is not recommended. It hides the
underlying hardware and allows Philips to use new flash technologies
without impacting the end user. Philips Bootloader may reside in ROM
or write/erase protected flash making replacement impossible. In
LPC2101/2/3 the bootloader resides in on-chip ROM.

----  end quote  -------

Flash blocks change in size and timing. Providing a software interface
that you just need to call is much more user friendly than running
into support and debug issues every time an "expert" changes the code
to his/her liking generating undefined events in the flash programming
sequence or timing. 

It is fine that you disassembled the bootloader, nice exercise. Using
a reengineered version of the bootloader / programming software can
probably not increase the functionality but I can assure you it will
increase the trouble you get yourself and your customers in.

Overall, I do not understand you, if you think the CRP is not save,
then look at other devices and try to find one that is good enough for
your high standards. So far there have been 50++ messages but nobody
said that they were able to break the mechanism.

So, once you were able to set CRP in a device that actually can be
secured, which are all device but the LPC2104/5/6 and enable JTAG
without doing a chip erase I would be interested in your data. But
only then!

As a previous poster said, please feel free to set up a new Yahoo
group "Code read protection in ARM devices" and the enthusiasts will
follow you there.

As long as you post your assumptions, non-applicable bootloaders ....

Bob



--- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:

>
> --- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> > Reverse disassembly of bootloader is of no use in hacking the chip.
> > Regards
> 
> If this is true, Philips would have provided us with source for the
> boot loader.
> 
> You do not expect Philips to build defects into the boot loader.  It
> does not follow however that there are no defects, or that they cannot
> be exploited.
> 
> In a regime where obscurity is critical component of security,
> exposing internals is a high security risk.
> 
> Jaya
>

Umm... OK => by studying the bootloader, may be you can figure out
some silly mistakes by boot loader writer making CRP vulnerable to
attack. But pls reverse/disassembly on a correct CRP enabled chip.
And Let us know if you have some proven way of cracking the
protection. There is supposed to have enough hardware protection
(even if that H/W protection of "cannot crack into the JTAG enabled
window" is by "coincidence" and not original function by design).

The P89C51RD+ was also done in the same bootloader way (except
it has protection lock bits to disable the parallel programming)
Somwhow had not heard of anybody cracked the chip...

I'm happy as long as there is no simple way of cracking LPC2xxx...
Regards

--- In lpc2000@...m, "jayasooriah" <jayasooriah@y...> 
wrote:
>
> --- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> > Reverse disassembly of bootloader is of no use in hacking the 
chip.
> > Regards
> 
> If this is true, Philips would have provided us with source for the
> boot loader.
> 
> You do not expect Philips to build defects into the boot loader.  
It
> does not follow however that there are no defects, or that they 
cannot

> be exploited.
> 
> In a regime where obscurity is critical component of security,
> exposing internals is a high security risk.
> 
> Jaya
>

Bob, are you having a bad day or is it a bad month? Hopefully it will 
improve. In the past you have been a helpful happy chap and a welcome 
contributor to this group.

I was going to reply to your initial remarks (ouch) but others answered 
up very well. Could you please explain to me why you are so insistent on 
shooting down this thread (or is it Jaya?). Do you think that we really 
want this group to become fragmented into specialist groups like "Code 
read protection in ARM devices"? I can only shake my head at the thought.

Posting information that could prove useful to somebody in the group 
should be encouraged. We all appreciate the discussions whether they are 
relevant to what we ourselves are doing at the time or not, or should we 
then just burn >99.9% of the books at the library because we think they 
are not relevant? If it's relevant to LPC2000 then this is where it belongs.

I treat Jaya's volunteered information as a "this is what I did" post of 
interest. It would be foolish to expect him to do something more or 
differently unless we were paying him.

Didn't he say he did this because his students were killing their 
USB-LPC boards. As far as I understand it, it was not a code security 
issue per se but rather a way of finding a way to make the boards 
"student proof" (good luck!).

*Peter*

lpc2100_fan wrote:

> Jaya,
>
> http://www.arm.com/pdfs/DDI0234A_7TDMIS_R4.pdf
> Chapter B3 about synchronized clock
>
> Somebody at Philips went through some effort and wrote a very nize
> summary on Dec 22
>
> This should give you a good idea why the bootcode is not available in
> source code:
>
> ----  quote  -------
> 2) I am going to replace the Philips bootloader. I have figured out
> how to do it.
>
> Replacing the Philips bootloader is not recommended. It hides the
> underlying hardware and allows Philips to use new flash technologies
> without impacting the end user. Philips Bootloader may reside in ROM
> or write/erase protected flash making replacement impossible. In
> LPC2101/2/3 the bootloader resides in on-chip ROM.
>
> ----  end quote  -------
>
> Flash blocks change in size and timing. Providing a software interface
> that you just need to call is much more user friendly than running
> into support and debug issues every time an "expert" changes the code
> to his/her liking generating undefined events in the flash programming
> sequence or timing. 
>
> It is fine that you disassembled the bootloader, nice exercise. Using
> a reengineered version of the bootloader / programming software can
> probably not increase the functionality but I can assure you it will
> increase the trouble you get yourself and your customers in.
>
> Overall, I do not understand you, if you think the CRP is not save,
> then look at other devices and try to find one that is good enough for
> your high standards. So far there have been 50++ messages but nobody
> said that they were able to break the mechanism.
>
> So, once you were able to set CRP in a device that actually can be
> secured, which are all device but the LPC2104/5/6 and enable JTAG
> without doing a chip erase I would be interested in your data. But
> only then!
>
> As a previous poster said, please feel free to set up a new Yahoo
> group "Code read protection in ARM devices" and the enthusiasts will
> follow you there.
>
> As long as you post your assumptions, non-applicable bootloaders ....
>
> Bob

> While it takes just one test to show a security vulnerability, is not
> feasible (or valid) to claim a system is secure (or assure quality) 
by
> testing alone.

True, security can never be proven.  So why not review the claims of 
Philips and make a decision:  I believe therefore I will buy.  I don't 
believe so I'll use Atmel.

If you think Philips will post the code or describe the internals on 
this forum, I think you are mistaken.

Stay with Atmel.

Richard

Hee, just kidding...pls don't mind

May be lpc2100_fan is one of the Philips chip engineer...
and does not want us to know:
- How to enable the 4 CAN ports on a LPC2124...
- Or may be how to enable the USB on LPC2138...
- Or may be how to enable some 2x 64K sectors on LPC2114...

Also rumours of Philips is trying to sell away it's whole semicon
division  (?? don't know how true is that)  Potential buyers
are Infineon and ST-Micro, but will be mostly just buying
part of the semicon...

Pls don't try to kill me....

--- In lpc2000@yahoogroups.com, Peter Jakacki <peterjak@t...> wrote:
>
> Bob, are you having a bad day or is it a bad month? Hopefully it 
will 
> improve. In the past you have been a helpful happy chap and a 
welcome 
> contributor to this group.
> 
> I was going to reply to your initial remarks (ouch) but others 
answered 
> up very well. Could you please explain to me why you are so 
insistent on 
> shooting down this thread (or is it Jaya?). Do you think that we 
really 
> want this group to become fragmented into specialist groups 
like "Code 
> read protection in ARM devices"? I can only shake my head at the 
thought.
> 
> Posting information that could prove useful to somebody in the 
group 
> should be encouraged. We all appreciate the discussions whether 
they are 
> relevant to what we ourselves are doing at the time or not, or 
should we 
> then just burn >99.9% of the books at the library because we think 
they 
> are not relevant? If it's relevant to LPC2000 then this is where 
it belongs.
> 
> I treat Jaya's volunteered information as a "this is what I did" 
post of 
> interest. It would be foolish to expect him to do something more 
or 
> differently unless we were paying him.
> 
> Didn't he say he did this because his students were killing their 
> USB-LPC boards. As far as I understand it, it was not a code 
security 
> issue per se but rather a way of finding a way to make the boards 
> "student proof" (good luck!).
> 
> *Peter*
> 
> lpc2100_fan wrote:
> > Jaya,
> >
> > http://www.arm.com/pdfs/DDI0234A_7TDMIS_R4.pdf
> > Chapter B3 about synchronized clock
> >
> > Somebody at Philips went through some effort and wrote a very 
nize
> > summary on Dec 22
> >
> > This should give you a good idea why the bootcode is not 
available in
> > source code:
> >
> > ----  quote  -------
> > 2) I am going to replace the Philips bootloader. I have figured 
out
> > how to do it.
> >
> > Replacing the Philips bootloader is not recommended. It hides the
> > underlying hardware and allows Philips to use new flash 
technologies
> > without impacting the end user. Philips Bootloader may reside in 
ROM
> > or write/erase protected flash making replacement impossible. In
> > LPC2101/2/3 the bootloader resides in on-chip ROM.
> >
> > ----  end quote  -------
> >
> > Flash blocks change in size and timing. Providing a software 
interface
> > that you just need to call is much more user friendly than 
running
> > into support and debug issues every time an "expert" changes the 
code
> > to his/her liking generating undefined events in the flash 
programming
> > sequence or timing. 
> >
> > It is fine that you disassembled the bootloader, nice exercise. 
Using
> > a reengineered version of the bootloader / programming software 
can
> > probably not increase the functionality but I can assure you it 
will
> > increase the trouble you get yourself and your customers in.
> >
> > Overall, I do not understand you, if you think the CRP is not 
save,
> > then look at other devices and try to find one that is good 
enough for
> > your high standards. So far there have been 50++ messages but 
nobody
> > said that they were able to break the mechanism.
> >
> > So, once you were able to set CRP in a device that actually can 
be
> > secured, which are all device but the LPC2104/5/6 and enable JTAG
> > without doing a chip erase I would be interested in your data. 
But
> > only then!
> >
> > As a previous poster said, please feel free to set up a new Yahoo
> > group "Code read protection in ARM devices" and the enthusiasts 
will
> > follow you there.
> >
> > As long as you post your assumptions, non-applicable 
bootloaders ....

> >
> > Bob
>

B3 in ARM7TDMI-S reference manual does not address the issue I raised.

The response from Philips is what you would expec.  Philips is not the
only manufacturer that produces devices with flash memory.  The other
manufacturs do change their technology too.

Unlike Philips, they publish the programming algorithm so that we all
can evaluate it for what it is worth.  Philips programming algorithm
has no safeguards whatsoever with respect to what happens when code
fails -- not just user code, but the supplied boot loader code too.

I do not know of any other manufacturer who sells you 128K flash and
at the same time demands that reserve 8K or 12K of this for the sole
use by the manufacturer, to install code that will enable the device
to accessed from the outside world, but with no garantees whatsoever.

--- In lpc2000@yahoogroups.com, "lpc2100_fan" <lpc2100_fan@y...> wrote:

>
> Jaya,
> 
> http://www.arm.com/pdfs/DDI0234A_7TDMIS_R4.pdf
> Chapter B3 about synchronized clock
> 
> Somebody at Philips went through some effort and wrote a very nize
> summary on Dec 22
> 
> This should give you a good idea why the bootcode is not available in
> source code:
> 
> ----  quote  -------
> 2) I am going to replace the Philips bootloader. I have figured out
> how to do it.
> 
> Replacing the Philips bootloader is not recommended. It hides the
> underlying hardware and allows Philips to use new flash technologies
> without impacting the end user. Philips Bootloader may reside in ROM
> or write/erase protected flash making replacement impossible. In
> LPC2101/2/3 the bootloader resides in on-chip ROM.
> 
> ----  end quote  -------
> 
> Flash blocks change in size and timing. Providing a software interface
> that you just need to call is much more user friendly than running
> into support and debug issues every time an "expert" changes the code
> to his/her liking generating undefined events in the flash programming
> sequence or timing. 
> 
> It is fine that you disassembled the bootloader, nice exercise. Using
> a reengineered version of the bootloader / programming software can
> probably not increase the functionality but I can assure you it will
> increase the trouble you get yourself and your customers in.
> 
> Overall, I do not understand you, if you think the CRP is not save,
> then look at other devices and try to find one that is good enough for
> your high standards. So far there have been 50++ messages but nobody
> said that they were able to break the mechanism.
> 
> So, once you were able to set CRP in a device that actually can be
> secured, which are all device but the LPC2104/5/6 and enable JTAG
> without doing a chip erase I would be interested in your data. But
> only then!
> 
> As a previous poster said, please feel free to set up a new Yahoo
> group "Code read protection in ARM devices" and the enthusiasts will
> follow you there.
> 
> As long as you post your assumptions, non-applicable bootloaders ....
> 
> Bob
> 
> 
> 
> --- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:
> >
> > --- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> > > Reverse disassembly of bootloader is of no use in hacking the chip.
> > > Regards
> > 
> > If this is true, Philips would have provided us with source for the
> > boot loader.
> > 
> > You do not expect Philips to build defects into the boot loader.  It
> > does not follow however that there are no defects, or that they cannot
> > be exploited.
> > 
> > In a regime where obscurity is critical component of security,
> > exposing internals is a high security risk.
> > 
> > Jaya
> >
>

Dear Richard,

Thank you for raising your displeasure with my references to ATMEL.

I do not advocate any particular device or manufacturer.  I work on
any device from any manufacturer that I am asked to work on.

I developed the AVR boot loader for laboratory use.  It worked so well
that other clients started using it as-is for other purposes.

Different requirements led to I being asked to repeat this for the
LPC. I found problems.  Philips did not respond adequately.  So I
raised the issues in this forum.

I can assure you I have no desire whatsoever to be anywhere in the
vicinity of the "class action" one poster quite vexatiously referred
to.  Neither was it my intentinon to get you or anyone to use ATMEL.

Jaya


--- In lpc2000@yahoogroups.com, "rtstofer" <rstofer@p...> wrote:

>
> 
> > While it takes just one test to show a security vulnerability, is not
> > feasible (or valid) to claim a system is secure (or assure quality) 
> by
> > testing alone.
> 
> True, security can never be proven.  So why not review the claims of 
> Philips and make a decision:  I believe therefore I will buy.  I don't 
> believe so I'll use Atmel.
> 
> If you think Philips will post the code or describe the internals on 
> this forum, I think you are mistaken.
> 
> Stay with Atmel.
> 
> Richard
>

--- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:
> The response from Philips is what you would expec.  Philips is not the
> only manufacturer that produces devices with flash memory.  The other
> manufacturs do change their technology too.
> 
> Unlike Philips, they publish the programming algorithm so that we all
> can evaluate it for what it is worth.  
Not all of them do, in fact ST pops immediately to mind as one who has
done a very similar thing.  And I suspect it was for much the reason
the Philips has claimed (to keep the changes in flash technology from
having to be propagated up to the user).  They got bit by that once.

Philips left out an obvious and related reason.  By keeping the flash
algorithm hidden in an internal state machine they reduce the
inevitable support cost associated with exposing it.  

In some sense I haven't seen a flash in quite some time that had it's
programming algorithm exposed.  The last one I saw was probably in the
early to mid 90's. Even the external ones hide it behind an internal
state machine.  NAND flash on the other hand I don't know about.


I can understand your security concerns even if I don't share them but
your angst over them not exposing the flash programming algorithm
seems to be overdone.  That the programming section is somewhat
vulnerable is unfortunate even if you are one of very few people who
have reported a problem with it, but it is no worse than any micro
with no built-in isp algorithm.  ISP support is, after all, a fairly
recent innovation.  I still know of systems where development testing
is done by unsocketing an EPROM and placing under a UV lamp while
replacing it with a newly programmed replacement.

Better protection of that boot block is desireable, but if Philips is
really moving that into ROM as has been suggested then that is already
happening.

Advertising what is essentially a 120K device as a 128K device is
another question, but it is unfortuately the sort of specmanship I've
come to expect from semiconductor companies.

RTFM and caveat emptor

Robert

--- In lpc2000@yahoogroups.com, "robertadsett" <subscriptions@a...> 
> Not all of them do, in fact ST pops immediately to mind
> as one who has done a very similar thing.

If you can tell me which device in particular, I would like to look
into it when get bored.  My previous experience was with ST10 and its
errata sheet was nothing like that for 2105 in terms of the types of
bugs in silicon.

>I can understand your security concerns even if I don't share
>them but your angst over them not exposing the flash programming
>algorithm seems to be overdone.

Off top of my head:

1/  The entire on-chip flash can be destroyed by scribbling over the
just one location in memory with some random value.  [PLLs and WDs
incorporate feed sequences, but this self destruct sequence has none.]

2/  The sector bit maps are all over the place.  In the case of 2105
its 16 sectors are mapped to the top and bottom 8 bits, leaving out 16
bits in the middle.  [The product appears to be in its infant stages
of development in relation to maturity of design.]

3/  It appears that to program the flash charge pump cycle parameters
are required. [Using inappropriate values here could result in frying
the part for good.]

It is in consumers' interest to know about things like this that can
destroy the LPC.  [LPC was abandoned for laboratory kits that students
load and run programs.]

It is quite possible for hardware manufacurers and software providers
to blame each other for field failures in the light of the above.

About 10% of LPC2105 parts with bootloader versions prior to 1.52 did
fail in the field according to Philips.  One wonders what happened in
the field resulting in Philips stating this in the errata sheet.

Jaya