How to Pr@tect your programs from S*P*I inter*face

[linjyh]

Dear all,
I have program download to flash memory by S*P*I inter*face.
It can be read from S*P*I inter*face.
Any method can enhance the se*curity.
Thanks all
Jim

 

[M!k]

Can you give some more infos ? SPI is a bidirectional interface, so which type of flash are you using (serial eeprom ? this can be read)


Mik

 

[Ace-X]

I guees, only encryption of Flash content could help in this situation. I can't suggest any encryption algorithm right now because there is not enough information about your system .

Ace-X.

 

[linjyh]

for the applic@tion in the C*SR bluet@@th chip and fl@sh

for the applic@tion in the C*SR bluet@@th chip and fl@sh
using Fujitsu MBM29LV400B
Thanks
Jim

 

[Ace-X]

Still not enough info. The most important question is: does your uC have an internal program memory, so that it can start up from internal memory and then it will use encrypted program from the exteral Flash? If so, you can implement decryption procedure in internal program memory which will read encrypted commands from the external Flash, decrypt them and execute.

Ace-X.

 

[junglejenny]

I think you are working with Bluecore. If I am correct, you can't stop your program from being copied. That is what CSR told me.

JJ

 

[M!k]

Still not enough info. The most important question is: does your uC have an internal program memory, so that it can start up from internal memory and then it will use encrypted program from the exteral Flash? If so, you can implement decryption procedure in internal program memory which will read encrypted commands from the external Flash, decrypt them and execute.

Ace-X.

But this also means, that you need the same amout of INTERNAL RAM (4 MBit), which is, dependant of processor-architecture, able to execute the code. You'll also need a possibility to store the decrytion-key inside the processor (personalization - very inconvenient for mass-production !!!). If a general key is used you can copy the whole contents of the FLASH and so just copy the complete design. If a smaller internal RAM is present you have to partition your code - similar to banking and very uncomfortable.

I think there's no possibility to easily protect that circuit.


Mik

 

[Ace-X]

But this also means, that you need the same amout of INTERNAL RAM (4 MBit), which is, dependant of processor-architecture, able to execute the code.

Not necessary. If the speed is not important you could decrypt commands from external Flash one-by-one only when you will need them. So, in this case your uC will need internal Flash program memory to store just decryption procedure and some free bytes of RAM to store and execute decrypted commands.

You'll also need a possibility to store the decrytion-key inside the processor (personalization - very inconvenient for mass-production !!!). If a general key is used you can copy the whole contents of the FLASH and so just copy the complete design. If a smaller internal RAM is present you have to partition your code - similar to banking and very uncomfortable.

No! You can use the same decryption key for all versions of your board. This key will be stored in the internal data EEPROM of your uC. The only thing you should do - is to setup protection bits of your uC during its programming. After that nobody can get access to your decryption code and to your decryption key. Of course, everybody can copy your external Flash, but its content is useless until you can't copy uC firmware with decryption key. You would need different decryption keys only if you are going to independently sell also firmware updates to your system.


Ace-X.

 

[JaBa]

Program security for Bluecore

As mentioned by JJ, the secrity for Bluecore is not good.
All the data and program are running and stored in the Flash.
It will be copied at the SPI interface.
JAba