I tortured the KLtab boards in many ways, but could never get them to behave like the chip on the non-programmable Anelok board #2.
There is one thing that I didn't try yet, and that's completely locking down one of the chips on the KLtab boards. The reason is of course that this would make the board unusable - unless I implement some clever backdoor. But in any case, if the chip was protected that way, then it wouldn't indicate that it can be mass-erased, would it ? Well, I don't know for sure yet, but I noticed something else: a while ago, I had broken the build process of the boot loader in a way that would put incorrect data at the location of the all-important Flash security byte (FSEC). I reconstructed the likely version of the boot loader I had at that time, and found that FSEC was probably set to 0xed. This decodes to: 11 = backdoor disabled 10 = mass erase disabled 11 = Freescale access granted 01 = MCU security status is secure The backdoor is a mechanism that needs firmware support, so that wouldn't work with this broken boot loader, even if I had implemented such support (which I haven't). All other settings are such that I can't get in :-( This still doesn't explain why the chip happily announces that it could be mass-erased, but all the other clues are there. So the next step will be to try to unsolder it and replace it with a new one. Let's see how much damage that does ... Oh, and in completely unrelated news, my Ben-based SWD programmer now requires the user to announce explicitly what protection level the binary about to be flashed will set. If there's a mismatch, it will politely refuse to mess things up. - Werner _______________________________________________ Qi Hardware Discussion List Mail to list (members only): [email protected] Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
