We want our software copy protected.
DA14583现在总是允许引导加载您自己的代码通过RS-232,可能只是读取所有闪存和发送它。即使没有这一点,闪存也可以通过外部引脚访问,而CPU保持在复位状态。
For what i've read already OTP ROM is factory pre-programmed in DA14583. If i read wrong please correct me.
If not - is it possible to get DA14583 chips with unprogrammed OTP so i could program it with with my own bootloader that would decrypt code from flash with our own key?
Keywords:
Device:
Hi w.puchar,
No, what you mention is valid, the 583, had allready a bootloader in the OTP in order to directly boot from the SPI flash, but, with the 583 there is the option of the advanced bootloader, in order to burn an extra loader in the OTP and will execute a decryption procedure of an encrypted. You will be able to check details of that functionallity in theUM-B-012 DA14580/581/583 Creation of a secondary boot loader. The secondary bootloader also implements the encrypted image functionallity.
Thanks, PM_Dialog
Thank you for answer. I've read the document. I can easily test my OTP firmware without writing to OTP - loading it over RS-232. and then finally write OTP.
Just to be sure - is then (after my OTP program written) possible anyhow to circumvent it's loading or anyhow else get access to read OTP - for example by SW* pins?
I understand it itsn't but want to be sure.
Hi w.puchar,
你不能让设备100% steal proof, since if there is a will there’s a way. Instead you can try to make it difficult to hack, in order to achieve that and prevent someone to access the flash or OTP you can do the following.You could use the secondary bootloader (as an advanced bootloader in the OTP and with encryption procedure as mentioned ), disable the JTAG in the OTP and modify it by disabling the UART, so when the 583 boots up will check the advanced bootloader option before checking anything else, so it will boot with the advanced bootloader on which you will ONLY enable the SPI option and directly boot from the internal SPI. Of course this solution is not again steal proof, since by powering of the embedded flash and booting from a flash that has a fw like the uart_programmer can again access your code, in any case, since you are booting from external serial device, there is no way to make the access to your flash totally secure but at least you will be able to make it more difficult to hack.
Thanks, PM_Dialog
----------------------
so when the 583 boots up will check the advanced bootloader option before checking anything else, so it will boot with the advanced bootloader
----------------------
That's seems OK as my bootloader decrypt main firmware from flash. So there is no problem if flash can be read. My bootloader doesn't allow booting arbitrary code from anywhere else, but it allow writing flash over my own serial protocol (for firmware update) but again only encrypted firmware is transmitted.
so can anyone run it's own program (that will read out OTP including my encryption key and routine) without knowing encryption keys?
Hi w.puchar,
You should be aware of that if someone is willing to break into the code and run its own program might find a way to do that. There is no way to make the device 100% steal proof and fully protected. For example someone can replace the flash you use and upload a new firmware into the 58x device in order to hack it. What the device will boot depends on the bootloader that is burned in the OTP, if you are confident that your bootloader is not going to allow something like that, then this is something that has to do with your custom loader. What I am supposing is that have to make you product protected as you are able, but there are technics for hacking it.
Thanks, PM_Dialog