[Avila] How I can protect my program from not authorized reading via JTAG?
Gordon Edmonds
gedmonds at gateworks.com
Thu Feb 15 14:12:32 EST 2007
I agree Tim - if the processor can read the Flash, so can the JTAG
interface, and by definition, the processor has to be able to read the
Flash. There is no way to disable the JTAG interface on the CPU, other than
to remove the connector or traces. Ultimately, an ambitious hacker could
still solder wires to the vias behind the CPU...

Most software vendors concerned about copy protection are binding a license
key to the 64-bit globally unique number in the StrataFlash. This number is
not reprogrammable, in hardware or software, so it is truly unique for each
board.

Gordon Edmonds
Gateworks Corporation
3026 S. Higuera Street
San Luis Obispo, CA 93401
805-781-2000
gedmonds at gateworks.com
-----Original Message-----
From: Tim Harvey [mailto:tim_harvey at yahoo.com]
Sent: Thursday, February 15, 2007 10:46 AM
To: Avila
Subject: Re: [Avila] How I can protect my program from not authorized
reading via JTAG?
Nikita,

I've often thought about this as well. There really isn't any way to do
this. For starters, Gateworks programs the firmware on their boards using
the JTAG connector, so the connector will always be loaded on the board. If
they were to move to pads/testpoints vs a physical connector this would make
it more difficult for someone not familiar with the board to read but
certainly not for the resourceful. That said, removing the connector and/or
possibly resistors that may link that connector to the JTAG chain would make
it more difficult but not for the resourceful.

In my opinion, because you will never be able to keep someone from reading
the JTAG chain you would have to do something to encrypt/protect the info
from the flash they would be able to read which may require quite a bit of
bootloader/kernel modification.

Of course, regardless of the time/effort/$$ you put into protecting a system
if someone really wants to get into it and has the know-how they probably
will (i.e., XBOX, XBOX-360, DVD CSS encryption, DVD-HD and Blu-ray - these
have all been hacked).

I wonder if there is a way to 'blow' the JTAG circuits on some/all of the
devices to make it impossible to read via JTAG (and impossible to re-program
a bricked board).

Tim
----- Original Message ----
From: Nikita Tabatsky <iron.coyote at gmail.com>
To: avila at lists.unixstudios.net
Sent: Monday, February 5, 2007 1:58:38 AM
Subject: [Avila] How I can protect my program from not authorized reading
via JTAG?
Hi All,
I'm using the ixp425 based board with 28F128J3.
How can I protect my program from unauthorized reading via JTAG?
Nikita.
---------------------------------------------------------------------
To unsubscribe, e-mail: avila-unsubscribe at lists.unixstudios.net
For additional commands, e-mail: avila-help at lists.unixstudios.net
---------------------------------------------------------------------
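
An added example, not part of the original thread and not Gateworks code: one way to bind a license to the 64-bit unique flash number Gordon describes, sketched in Python with an HMAC. The key, the license layout and the function names are assumptions, and the ID is passed in as an integer rather than read from the flash.

```python
import hashlib
import hmac
import struct

# Assumption: secret used to issue licenses (constructed demo value).
VENDOR_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _tag(device_id: int, payload: bytes, key: bytes) -> bytes:
    # The MAC covers the 64-bit board ID plus the licensed feature mask,
    # so neither can be changed without invalidating the license.
    msg = struct.pack(">Q", device_id) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_license(device_id: int, features: int, key: bytes = VENDOR_KEY) -> bytes:
    """Vendor side: bind a 32-bit feature mask to one board's flash ID."""
    if not 0 <= device_id < 2**64:
        raise ValueError("device ID must fit in 64 bits")
    payload = struct.pack(">I", features)
    return payload + _tag(device_id, payload, key)


def check_license(device_id: int, blob: bytes, key: bytes = VENDOR_KEY):
    """Board side: return the feature mask, or None if the license
    was not issued for this board or has been altered."""
    if len(blob) != 4 + TAG_LEN:
        return None
    payload, tag = blob[:4], blob[4:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _tag(device_id, payload, key)):
        return None
    return struct.unpack(">I", payload)[0]


if __name__ == "__main__":
    board_a = 0x0123456789ABCDEF  # constructed sample IDs
    board_b = 0x0123456789ABCDF0
    lic = issue_license(board_a, 0b101)
    print(check_license(board_a, lic))  # license accepted on its own board
    print(check_license(board_b, lic))  # same flash image copied to another board
```

Reading the flash over JTAG still works; the binding only makes a copied image fail this check on a board whose ID differs. Because the board must hold the HMAC key to verify, a deployment would more likely verify a public-key signature so the issuing key never sits in flash.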