GTA04 Block V4

Andy Green andy at
Tue Aug 12 14:45:18 CEST 2008

Hash: SHA1

Somebody in the thread at some point said:
| Werner Almesberger wrote:
|> Ian Stirling wrote:
|>> I think you can always mass-erase the chip though, so a USB bootloader
|>> would not survive malicious users.
|> It's even easier: according to the manual, you can simply turn off
|> the protection and then scribble over things, see [1].
|>> As I read it, some of the STM32 family tick most of these.
|> Yes, they look very very good. Their main problem is that they seem
|> brickable. This could be solved by booting from a serial flash
|> (STR750 family, [2]), but that would add yet another component,
|> which isn't desirable.
| If I read it correctly - you can secure the code - p22 of
| says you
| can't overwrite pages 0-3 in read-protected mode, without mass-erasing.

We've been through this with the NOR.  We really don't like write-once
stuff either for us having to make a golden implementation for the
factory or for the user not being able to update it in a package.  If
malicious code mass erased this bootloader section we are bricked.

The way that would tie everything up perfectly is JTAG access built-in
using some nonvolatile solution like the FDTI chip on the debug board,
or the kind of ROM bootloader found in MSP430 -> JTAG or some similar
untrashable deal from another direction that comes out on its own mini
or micro USB socket hidden away in the back of the phone.  You can nuke
any possible brickage out of the way with that without special "debug
boards" and you get full meddling possibilities.  And there is the
built-in path for factory processing too.

This was actively rejected by folks in .tw last time this was live, but
I expect we get another chance when it comes up again.

- -Andy
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the hardware mailing list