On 11/2/2010 10:25, Alan B. Pearce wrote:
>> Alan B. Pearce:
>>
>>> I would suggest that an encrypted bootloader would be
>>> heaps more secure than an ICSP connection ...
>>
>> Secure against what? In this case, it's not a problem if the
>> product is manipulated AFTER the firmware is in the product,
>> because it is being delivered to the user immediately afterwards.
>> If the user manipulates his own product, it's his own headache.
>>
> I would suggest this could well become your headache, to recover such
> devices afterwards ...
>
>
>> The important thing is that no user receives a product
>> manipulated by someone else. If a bootloader is used, a
>> risk is introduced that anyone with physical access to
>> the product, could erase it and overwrite it with a manipulated
>> bootloader, which seemingly acts like the genuine bootloader,
>> but which filters the firmware program in different malicious ways.
>>
> You mean you haven't checked out how to protect the bootloader area?
>
> It strikes me that if you supply a product with the ICSP pins available then
> the possibility of someone loading rogue software is considerably increased.
> If a secure bootloader is used, the ICSP pins can be protected against
> everyone but the most determined hacker, and by using your own protocol, you
> can make it extremely difficult to download anything without the hacker
> going the ICSP route.

If the part is code-protected, the part must be completely erased before any reading or programming may take place. This way, no remnants of the application or boot-loader are left to be used or stolen.

> If you purchased your 18F13K50 chips with the bootloader loaded by
> Microchip, and set the config so that the Bootload area is write protected,
> then you have a very secure setup right from the beginning, which would make
> it very hard for anyone on the production line to load rogue code.
An individually protected bootloader area is a nice thing. Not all PICs have it. For the ones that don't have it, one must ensure that only his own firmware is uploaded, or else somebody may upload a firmware to steal the bootloader and all protection is lost. By analyzing the bootloader code, the thief may recover the cryptographic keys or algorithm and crack open any firmware he has access to.

Best regards,
Isaac

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist
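The two threat cases argued over in this thread (a bootloader that must accept only the vendor's own firmware, and the loss of all protection once the bootloader and its key can be read out) can be simulated on a host PC. The following is an added example written for this page, not code from the thread or from Microchip; it assumes a bootloader that authenticates an image with HMAC-SHA256 under a key kept in the bootloader area, contrasts it with a loader that only checks a CRC-32, and uses constructed 64-byte stand-ins for a genuine and a rogue image rather than a real PIC18 hex file.

```python
"""Host-side simulation of bootloader firmware acceptance (added example).

Assumptions, not from the original posts: the bootloader verifies an
HMAC-SHA256 tag appended to the image under a key stored in the bootloader
area; a second, weaker loader appends and checks only a CRC-32. All keys,
sizes and image bytes below are constructed sample data.
"""
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 32  # HMAC-SHA256 digest length
VENDOR_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # constructed key

# Constructed 64-byte stand-ins for a genuine and a rogue application image.
GENUINE_IMAGE = bytes(range(64))
ROGUE_IMAGE = b"\xff" * 48 + b"\xef\x00" * 8


def package_hmac(image: bytes, key: bytes) -> bytes:
    """Vendor-side tool: append a tag so the bootloader can verify origin."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def bootloader_accepts_hmac(blob: bytes, key: bytes) -> bool:
    """Bootloader check: recompute the tag over the image and compare it in
    constant time. Refuses short blobs and any image whose tag does not match."""
    if len(blob) <= TAG_LEN:
        return False
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def package_crc(image: bytes) -> bytes:
    """Weak loader format: CRC-32 detects corruption, not a hostile author."""
    return image + struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF)


def bootloader_accepts_crc(blob: bytes) -> bool:
    """CRC-only check: anyone can recompute the CRC over their own image."""
    if len(blob) <= 4:
        return False
    image, (crc,) = blob[:-4], struct.unpack("<I", blob[-4:])
    return (zlib.crc32(image) & 0xFFFFFFFF) == crc


def flip_byte(blob: bytes, index: int) -> bytes:
    """Simulate corruption or tampering of one byte of a packaged image."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


def attacker_with_dumped_bootloader(rogue_image: bytes, dumped_key: bytes) -> bytes:
    """Isaac's failure mode: once the bootloader area (and so the key) has been
    read out, the attacker runs exactly the vendor's tagging step."""
    return package_hmac(rogue_image, dumped_key)


def scenario_results() -> dict:
    """Run each case; every value is True when the loader behaves as described."""
    genuine = package_hmac(GENUINE_IMAGE, VENDOR_KEY)
    return {
        "genuine_accepted": bootloader_accepts_hmac(genuine, VENDOR_KEY),
        "tampered_rejected": not bootloader_accepts_hmac(flip_byte(genuine, 10), VENDOR_KEY),
        "rogue_without_key_rejected": not bootloader_accepts_hmac(
            ROGUE_IMAGE + bytes(TAG_LEN), VENDOR_KEY),
        "crc_only_accepts_rogue": bootloader_accepts_crc(package_crc(ROGUE_IMAGE)),
        "rogue_with_leaked_key_accepted": bootloader_accepts_hmac(
            attacker_with_dumped_bootloader(ROGUE_IMAGE, VENDOR_KEY), VENDOR_KEY),
    }


if __name__ == "__main__":
    for name, ok in scenario_results().items():
        print(f"{name}: {ok}")
```

The last case is the one Isaac describes: a symmetric MAC only holds while the bootloader area cannot be read, so on a part without an individually protected boot block the tagging key is only as secret as the whole device. A bootloader that holds only a verification (public) key, so that reading it out does not let anyone sign, is the usual remedy, at the cost of an asymmetric verify on an 8-bit part.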