On Thu, Jul 26, 2001 at 02:59:15PM +0200, wouter van ooijen & floortje hanneman wrote:
> [ James, are we in for the longest not-totally-off-topic thread yet? ]
>
> On the problem of distributing a new hex image: with a few checks &
> procedures you could distribute the XOR of the old and the new image.
> Cryptographically this is (almost?) equal to the 'one time pad', the
> strongest possible cypher. Of course this requires that the loader can read
> the old content....

Wouter,

The problem is that anywhere a 16F87X part can do an internal write, it can also do an external read. So someone could read out the existing code, write their new HEX file, do the XOR, and use the bootloader to write their own code into the chip, which is exactly what Ron is trying to prevent.

Bootloading and code protection don't go well together. ICSP and security don't go well together because the serial programming protocol is done in the clear and is well documented. So you end up with an encrypted, protected bootloader, a protected execution kernel, and an encrypted set of tokens in clear space. Not the prettiest solution.

Ideally there should be a mode where all external access is prohibited and all internal access allowed. This would let the bootloader be the sole gate into updating the chip, and it can be made as hard as required on a per-application basis.

BAJ

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads
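The attack BAJ describes, worked through in code. This is an added example and not part of the PICList thread or any PIC tool: a constructed 8-byte Intel HEX "image" stands in for the firmware (real 16F87X program memory is 14-bit words, which is a detail the XOR argument does not depend on), the `NEW_IMAGE` and `ATTACKER_IMAGE` byte values are made up, and the ICSP read-back is simulated by re-parsing the same HEX text. It shows that the XOR delta is a one-time pad only while the pad (the old image) is secret; once the old contents can be read out, the delta both leaks the new firmware and can be forged so the bootloader writes whatever the attacker chooses.

```python
# Added example (not from the PICList post): why an XOR delta between the
# old and new firmware is no protection when the old image is readable.
# The Intel HEX handling is a minimal parser/emitter for record types 00
# (data) and 01 (EOF); addresses and byte values are constructed here.

from typing import Dict

# Constructed 8-byte "old firmware" at address 0x0000, as Intel HEX.
OLD_HEX = (
    ":080000000102030405060708D4\n"
    ":00000001FF\n"
)
# Constructed vendor update and attacker payload (same addresses as OLD_HEX).
NEW_IMAGE = dict(enumerate(bytes.fromhex("A1B2C3D4E5F60718")))
ATTACKER_IMAGE = dict(enumerate(b"\xDE\xAD\xBE\xEF" * 2))


def ihex_checksum(record_bytes: bytes) -> int:
    """Intel HEX checksum: two's complement of the byte sum, low 8 bits."""
    return (-sum(record_bytes)) & 0xFF


def parse_ihex(text: str) -> Dict[int, int]:
    """Parse Intel HEX data/EOF records into an address -> byte map.

    Checksums are verified so a corrupted record is rejected instead of
    being silently programmed. Extended-address records are not handled,
    which is fine for a small image below 64 KiB.
    """
    mem: Dict[int, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"bad record start: {line!r}")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or len(raw) != 5 + raw[0]:
            raise ValueError(f"bad record length: {line!r}")
        length, addr_hi, addr_lo, rtype = raw[0], raw[1], raw[2], raw[3]
        data, cksum = raw[4:4 + length], raw[4 + length]
        if ihex_checksum(raw[:-1]) != cksum:
            raise ValueError(f"bad checksum: {line!r}")
        if rtype == 0x01:          # EOF
            break
        if rtype != 0x00:
            raise ValueError(f"unsupported record type {rtype:02X}")
        base = (addr_hi << 8) | addr_lo
        for i, b in enumerate(data):
            mem[base + i] = b
    return mem


def emit_ihex(mem: Dict[int, int], record_len: int = 16) -> str:
    """Serialise an address -> byte map back to Intel HEX, one run per record."""
    lines = []
    addrs = sorted(mem)
    i = 0
    while i < len(addrs):
        start = addrs[i]
        run = [mem[start]]
        while (i + len(run) < len(addrs)
               and addrs[i + len(run)] == start + len(run)
               and len(run) < record_len):
            run.append(mem[addrs[i + len(run)]])
        body = bytes([len(run), start >> 8, start & 0xFF, 0x00]) + bytes(run)
        lines.append(":" + (body + bytes([ihex_checksum(body)])).hex().upper())
        i += len(run)
    lines.append(":00000001FF")
    return "\n".join(lines) + "\n"


def xor_images(a: Dict[int, int], b: Dict[int, int]) -> Dict[int, int]:
    """Bytewise XOR of two images that cover the same addresses."""
    if a.keys() != b.keys():
        raise ValueError("images must cover the same addresses")
    return {addr: a[addr] ^ b[addr] for addr in a}


def demo() -> dict:
    """Vendor-side delta, honest bootloader, then the read-back attack."""
    old = parse_ihex(OLD_HEX)                  # what the vendor shipped
    delta = xor_images(old, NEW_IMAGE)         # the distributed "pad" update
    loaded = xor_images(old, delta)            # what an honest bootloader writes

    # Attacker: read the old image back over ICSP (simulated by re-parsing),
    # then XOR with whatever should end up in flash.
    readback = parse_ihex(OLD_HEX)
    recovered_update = xor_images(readback, delta)   # new firmware leaks
    forged_delta = xor_images(readback, ATTACKER_IMAGE)
    hijacked = xor_images(old, forged_delta)         # bootloader accepts it

    return {
        "honest_matches_new": loaded == NEW_IMAGE,
        "attacker_recovers_new": recovered_update == NEW_IMAGE,
        "attacker_controls_flash": hijacked == ATTACKER_IMAGE,
        "forged_delta_hex": emit_ihex(forged_delta),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The bootloader cannot tell the forged delta from the vendor's, because both are just "old XOR something" and the bootloader's only check is that the result programs cleanly. That is the sense in which the scheme is a one-time pad with a published pad, and why the post concludes that a mode forbidding all external access, with the bootloader as the only write path, is what the chip would actually need.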