Post by thread:[PIC]: CodeGuard(tm) for PIC24/dsPIC

WH Tan wrote: > Just read the CodeGuard securities feature of latest Microchip micro. > Sounds interesting. > > http://www.microchip.com/codeguard/ Yes, a useful concept. When you check out the main difference between figures 3 and 4 in their white paper (http://www.microchip.com/stellent/groups/dspic_sg/documents/devicedoc/en027547.pdf), it seems to me that it is that "semiconductor manufacturer 1" and "semiconductor manufacturer 2" from figure 3 ("existing design flow") are replaced with "Microchip" in figure 4 ("redesigned to incorporate CodeGuard")... :) Probably the main problem with that type of security is that it is not open source, so you kind of either believe that it works or you don't. With up to 100k of secured storage, that may contain a decent investment -- which of course makes for a decent incentive to get to it, too. Gerhard

Hello Gerhard, 2006/8/5, Gerhard Fiedler wrote: > it seems to me that it is that "semiconductor manufacturer 1" and > "semiconductor manufacturer 2" from figure 3 ("existing design flow") are > replaced with "Microchip" in figure 4 ("redesigned to incorporate > CodeGuard")... :) Yes. And in summary, it's something like turning a multi-chip design into a single chip (Microchip) design. > > Probably the main problem with that type of security is that it is not open > source... Open source? But I think the CodeGuard is a hardware architecture... Each party (either an OEM vendor, firmware IP provider or anything similar) will use the CodeGuard feature to protect a portion of the ROM, RAM or/and EE, where their firmware resides. They will then sell these chips to vendor with next privilege security level. Then a new portion of firmware is written, code protected , and sold to next level... If you see figure 2, that's how an original 3-chip design turned into a single Microchip design. Best regards, -- WH Tan

WH Tan wrote: >> Probably the main problem with that type of security is that it is not >> open source... > > Open source? But I think the CodeGuard is a hardware architecture... Hardware has (design) sources, too. And hardware security designs can fail, too. And they could possibly increase the security with the same measures open source increases it: "for enough eyes, every bug is shallow" or something like that. Of course, submitting patches would be a difficult thing :) But whether or not that's viable, they don't do it. Just an idea about security when I read that. As built-in functionality gets more complex, it also gets more prone to bugs -- and exploits. We're talking about almost 100k of firmware IP to protect; that can be a substantial development effort. Which of course also may invite a substantial cracking effort. Gerhard