davids5 commented on PR #6815:
URL: https://github.com/apache/incubator-nuttx/pull/6815#issuecomment-1211879044
@rm5248
I guess the issue is an unfortunate consequence of pin choices and reuse on
the board you have.
>I'm therefore extremely confused as to what exactly you think this should
be.
I am sorry that is my fault, I did not read this well enough and I assumed
MC was consistent in config and security.
Without fuse or bootloader Device Configuration Data to disable JTAG how do
they expect the device to be secured?
Maybe they punted on Fuses and the code to do this sort of thing supposed to
be placed in the 12 KB boot Flash?
The best thing to do put it there in the boot flash. The next best thing is
to add code in the __start as soon as there is enough clock initialization done
to modify the DDPCON and set it to the Kconfig. If the soonest this can be don
is a in C code a 1 line `modifyreg32` can be used and the set/clears select by
the Kconfig.
In any case the default of the Kconfig should be JTAG disabled.
There is still a security hole if the code is in __start:, If on boot JTAG
is enabled a hack would be to set the IP to skip the disable code. I would
think we are missing something here, because MC would not leave this open....
```
Note the following details of the code protection feature on Microchip
devices:
• Microchip products meet the specification contained in their particular
Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure
families of its kind on the market today, when used in the intended manner and
under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code
protection feature. All of these methods, to our
knowledge, require using the Microchip products in a manner outside the
operating specifications contained in Microchip’s Data Sheets. Most likely, the
person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the
integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee
the security of their code. Code protection does not
mean that we are guaranteeing the product as “unbreakable.”
Code protection is constantly evolving. We at Microchip are committed to
continuously improving the code protection features of our
products. Attempts to break Microchip’s code protection feature may be a
violation of the Digital Millennium Copyright Act. If such acts
allow unauthorized access to your software or other copyrighted work, you
may have a right to sue for relief under that Act.```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
