protecting IP on my AVR

Go To Last Post
13 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hi,

I'm working on getting my project manufactured, and I'm wondering if it is possible to get the chip pre-programmed by Atmel or external chip vendor (to protect my code)?

Can the program be read-protected, but the EEPROM be read/write accessible? There are some controller gains that I'd like to have the manufacturer adjust by programming the EEPROM only.

The manufacturer is doing everything else, and while in the US, has a china factory. I'm a bit worried about them having the entire design... any thoughts/advice would be great.

thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

You send the ELF file to the assembler. It sets the fuses, burns the program hex and eep files, then sets the lockbits in the avr. Read upon those in the datasheet.

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

This has been discussed numerous times on the list.

Yes, there are several fuses that provide varying degrees of security. The fuses section of the spec sheet tells all.

All, except the fact that there is no absolute protection. For a few hundred dollars, your chip can be read, no matter what the fuses are. In the end, the only thing the fuses do is make it more expensive to get your code.

Jim

 

Until Black Lives Matter, we do not have "All Lives Matter"!

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

As far as I know ATMEL does not provide 'Mask Rom' versions of it products, but I could easily be wrong.

Regardless, this protection is handled with the 'Lock bits'. With proper lock bits configured, your binary code is safe from being read via 'external' means, such as ISP or JTAG.

Typically you would program Lock Bit Mode 3, which prevents external reading and writing of both FLASH and EEPROM, while still allowing your application to do so.

Once a lock bit is set, the entire chip must be erased to clear it, so this is a pretty safe way to protect your code.

One often overlooked 'hole' is the use of a boot loader, most of which will allow the knowledgeable to read your entire flash.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Is there no way to lock just the flash and not the EEPROM?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The lock bits affect both, at least in all the avr parts I have used. However, they do not prevent your application, already 'burned' to the device, from freely reading and writing EEPROM... only 'external' access is inhibited.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Right... I'd like the manufacturer to "tune" some of my controller gains, should it become necessary. Gains would be stored in EEPROM...

So seems like I can't use the lock bits... oh well.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Quote:
So seems like I can't use the lock bits... oh well.

You can use the lock bits, you just have to make a small routine into your program to get the gains values from outside and write them into the eeprom at run time.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

there is something called as flash vault technology from Atmel I think only in AVR 32. Take a look at it.

Also if your code needs to be protected from mediocre hackers.. you can write your own custom bootloader using complex encryption algorithms like AES. Atmel has an app note for this. I think it is AVR 231 but remember I am bad in numbers. ;-)

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

yes the app note number is correct. So what you do is you encrypt the firmware at your desk and and the encrypted stuff to factory. Some one why knows the key only can get it back. Of course, you can try running a brute force to crack it. but this is security at its max for you.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

For a few hundred dollars you can get the code extracted. So your IP is never 100% safe.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Perhaps include text in the flash:

"For shame! You're stealing a program this simple? Make your own for goodness sake!"

If you don't know my whole story, keep your mouth shut.

If you know my whole story, you're an accomplice. Keep your mouth shut. 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

flash unlocking can't be prevented, what you can try is to prevent someone to take. the code from your production system