CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support

Encrypted bootloader clarification

 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
wirelessage



Joined: 08 Aug 2012
Posts: 34

View user's profile Send private message

Encrypted bootloader clarification
PostPosted: Wed Nov 06, 2013 6:51 pm     Reply with quote

I have read some forums about encrypted bootloader. I see some of the suggestions..

The one basic question I have is that the "ccsload" program offered by CCS has a "read from chip" option which reads the hex file as written on to the PIC.

Anyone can download ccsload and click on 'read from chip' and the entire program is available.

how do we get around that?


Thanks!


Last edited by wirelessage on Mon Nov 18, 2013 11:07 am; edited 1 time in total
dbotkin



Joined: 08 Sep 2003
Posts: 197
Location: Omaha NE USA

View user's profile Send private message Send e-mail Visit poster's website

Re: Encrypted bootloader clarification
PostPosted: Wed Nov 06, 2013 11:15 pm     Reply with quote

wirelessage wrote:
The one basic question I have is that the "ccsload" program offered by CCS has a "read from chip" option which reads the hex file as written on to the PIC.

Anyone can download ccsload and click on 'read from chip' and the entire program is available.

how do we get around that?

By setting code protect on in the config bits.
Ttelmah



Joined: 11 Mar 2010
Posts: 19513

View user's profile Send private message

PostPosted: Thu Nov 07, 2013 2:04 am     Reply with quote

This is all down to how you write your bootloader.

The chip normally has settings to enable an external programmer to R/W the memory.
These obviously need to be off.
Then there is an option to allow 'code' (i.e. the bootloader), to R/W. If the chip is to be verified, then the bootloader must be able to read the code.
Then there is an option to fully protect the bottom area of the ROM, where the bootloader resides.

Now, if your bootloader accepts commands to 'read' the chip, over it's connection (whatever this may be), then (obviously) the chip can be read. However write the bootloader, so it can only accept commands to 'write', or 'verify', and the chip can't then be read via the bootloader. Now you could then get round the protection, and read the chip, by overwriting just the bootloader, with one that did allow reading. This is where the option to fully protect the bootloader itself comes in.
Then you could even be more complex than this. You could (for instance), write the code to allow a small part of the top of ROM to be read, but nowhere else. If this is used to hold configuration data, it allows this to be read and saved, without letting your code be accessed.

Several layers:
1) The chip's protection needs to be set so only code running in the chip can access the ROM - prevents using a programmer to read the chip.
2) The area containing the bootloader itself needs to be fully protected.
3) The bootloader needs to implement both the decryption, and the tests to verify that it is being talked to by a 'legitimate' source.
4) If the bootloader implements 'read back', then this must only be for areas that you want to allow to be read.

The CCS example code, and CCSload, are just that. Examples, and useful tools. You would not use CCSLoad to talk to an encrypted loader, and it is completely down to the design of the loader so that it would not respond to a 'read' command from this source.

Best Wishes
wirelessage



Joined: 08 Aug 2012
Posts: 34

View user's profile Send private message

PostPosted: Mon Nov 18, 2013 11:06 am     Reply with quote

Thanks for the inputs.

I took a little time to understand and figure what Tlehmah was saying. I think I have gotten many of it.

Environment:
ccs compiler: v4.141
ccsload: v4.047

So, here is what I got done so far:

- I was able to keep the same fuses on both the bootloader and application so that we do not allow table reads AND Enable code protection. By doing so, I tested to ensure that CCSLOAD can read the hex file, but shows up as a bunch of zeros.

- Also, what I observed is that the fuses in the bootloader and the application have to match, else the application won't load up in my case. I think that is good because the bootloader fuses dictate the application fuses. I am not sure on this, but this is my observation so far.

- Obviously, the next step is to add encryption in the client app, to encrypt and send data to the bootloader which could decrypt and write to program memory.

Anything else I am missing from an encrypted bootloader standpoint?
Display posts from previous:   
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group