|
更高版本的不知道。<br /><br />更多参见:<a href="http://water.cse.unsw.edu.au/esdk/lpc2/crp-security.html" target=_blank>http://water.cse.unsw.edu.au/esdk/lpc2/crp-security.html</a><br /><br /><br />CRP security<br />The above are just some examples of how CRP security is breached. We first look at some of the features of LPC. Then we trace the origins of CRP and establish how it is related to the on-chip Boot Loader software. Finally we explain the techniques that could be used to breach CRP security.<br /><br />CRP breach<br />CRP was breached on LPC2292 with Boot Loader Version 1.64 using the ISP interface. NXP was notified of this on 10 March 2007 of the CRP Security breach.<br /><br />When NXP failed to respond for a week, the breach was announced on Yahoo LPC2000 and NXP MCU discussion forums. NXP has not responded to date.<br /><br />Anecdotal evidence from contributors to the LPC2000 forum (claiming to work for NXP) appears to suggest that NXP is not concerned with CRP breaches on parts like LPC2292 which have Boot Loader Version 1 (BLV1).<br /><br />Although NXP will not publicly acknowledge the existence of this vulnerability on LPC2292 or in its Version 1 Boot Loaders, it appears that NXP is confident that such vulnerabilities do not exist on LPC2138 parts with Boot Loader Version 2 (BLV2).<br /><br />BLV1 is found in 2114, 2114, 2119, 2124, 2124, 2129, 2194, 2212, 2212, 2214, 2214, 2292, and 2294 parts. The most recent BLV1 release appears to be 65. CRP Security breach was discovered and confirmed on release 64.<br /><br />BLV2 is found in 2132, 2138, 2141, 2142, 2144, 2146, and 2148 parts, which comprise the second generation of LPC processors on which the flash controller is different.<br /><br />BLV2 supports and additional IAP call (57) to enable applications to enter the ISP mode, supposedly to enable software updates in the field. It also has two levels of CRP (CRP2 and CRP3) and this is yet to be documented by NXP.<br /><br />If CRP3 is the same as what is described in user manual for LPC2468 then its purpose is unclear. Its implementation (at least on LPC2138/2.11) does not seem consistent with this description.<br /><br />Examination of the code (obtained by disassembly of binaries) for both BLV1 and BLV2 suggests that other than the above differences, these two implementations share the same code base, in particular, for the ISP interface.<br /><br /> <br />
|
楼主
