Re: AVR Bootloader protection

From: Ulf Samuelsson (ulf_at_atmel.nospam.com)
Date: 01/10/05 

Date: Mon, 10 Jan 2005 07:58:26 +0100

Define 8 positions in th eboot loader that the CPU must run though to
get to the boot loader write.
In each position, the CPU sets a bit of a byte..
When exiting the bootloader, clear this byte.

Let an interrupt clear this byte periodically. It should verify that it is
clear
in a loop

    volatile BYTE x;
    do
        x = 0;
    while (x != 0);

    The code generated would be similar to:
    LDI r16,0
    ST (z),r16

    And you dont want to jump into the routine at the ST instruction
    with R16 set to 0xff.

The only instructions that set the bits should be in the bootloasder
unless you execute the boot loader from the start,. you should not
have all bits set.

There is always the chance that you do an indirect store of 0xFF to this
location
but the chance is reduced significantly when this is done.

It is a little similar to how you can use a watchdog.
Set a bit if a certain task has executed.
If all bits are set, service the watchdog, and clear the byte.
If not all tasks has executed at least once in the watchdog period
the reset will come. 

-- 
Best Regards,
Ulf Samuelsson   ulf@a-t-m-e-l.com
This is a personal view which may or may not be
share by my Employer Atmel Nordic AB
<ralph.mason@gmail.com> skrev i meddelandet
news:1105303676.224988.97460@c13g2000cwb.googlegroups.com...
> Does anyone have any good way to protect an AVR from accidential flash
> / erase commands?
>
> Imagine, a bug in the application software causes a jump into the
> bootloader - that just happens to be around the code that calls page
> erase or page write - so that routine does what's it's supposed to,
> writes random data to a random page or  erases a random page.  There is
> no protection, SPM works b/c we are in bootloader code.
>
> How can you protect from this - seems the lock bits are no good b/c
> once you set them you have to do a chip erase to clear them.
>
> Ideally you would be able to stop the chip from being able to jump to
> any code in the bootloader, only being able to get there from a reset.
> But this isn't a reality.
>
> Thanks for any thoughts
> Ralph
>

Relevant Pages

  • Re: Bootloader Placement
    ... The bootloader would treat both of the others as ... It's an interesting thought but the bulk of the boot loader is an MMC card ... together as the flash loading part is so much smaller. ... Prefetch Abort exceptions and don't intend to include a handler so I could ...
    (comp.arch.embedded)
  • Re: How to program AVR or 8051 with Serial Port?
    ... It means booting from UART by default, not having the boot loader by ... Atmel provides the code, but you have to load it somehow. ... We asked for pre-programmed avr with bootloader. ...
    (comp.arch.embedded)
  • Re: AVR Bootloader protection
    ... the CPU sets a bit of a byte.. ... > When exiting the bootloader, ... > unless you execute the boot loader from the start,. ... So I guess the answer is there is no way you can 100 % protect your ...
    (comp.arch.embedded)
  • Re: bootloader internals
    ... The task of the boot loader is to load the operating system. ... i.e. the very first sector on the very first disk) is capable ... "partition boot loader" of that partition. ... The bootloader has no part in creating the RAMDISK. ...
    (comp.os.linux.development.system)
  • AVR Bootloader protection
    ... Does anyone have any good way to protect an AVR from accidential flash ... erase or page write - so that routine does what's it's supposed to, ... SPM works b/c we are in bootloader code. ... Ideally you would be able to stop the chip from being able to jump to ...
    (comp.arch.embedded)