From: Henrik Brix Andersen
To: freebsd-embedded@freebsd.org
Date: Fri, 15 Jun 2007 14:25:45 +0200
Message-ID: <20070615122545.GA53280@tirith.brixandersen.dk>
References: <467272F7.4010301@bulinfo.net> <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>
In-Reply-To: <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>
Subject: Re: Embedded systems protection?

On Fri, Jun 15, 2007 at 01:34:49PM +0200, Karl Sjödahl - dunceor wrote:
> One way that is popular is to use an OTP flash with a cert inside that
> you verify to see if something has changed.

How will that protect from copying? The contents of the flash can
still be read.

One solution, which I have used earlier, is to have a small bootloader
in internal flash which then loads, verifies and decrypts the main
application (which has been encrypted) from external flash. The key
point here is to make sure the internal flash cannot be read out by any
means.

Regards,
Brix
-- 
Henrik Brix Andersen
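
The load, verify, decrypt sequence described in the message above, as an added host-side model in Python (not code from the original message or its author). The image layout, all names, and the SHA-256 counter-mode keystream (a stand-in for whatever cipher the device really uses, e.g. AES-CTR) are assumptions.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                    # hypothetical image magic
HEADER = struct.Struct(">4sI16s")  # magic, ciphertext length, nonce
TAG_LEN = 32                       # HMAC-SHA256 tag appended to the image


def _keystream_xor(key, nonce, data):
    """XOR data with a SHA-256 counter-mode keystream (stand-in cipher)."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def pack_image(enc_key, mac_key, nonce, firmware):
    """Build-host side: encrypt, then MAC the header and ciphertext."""
    ct = _keystream_xor(enc_key, nonce, firmware)
    body = HEADER.pack(MAGIC, len(ct), nonce) + ct
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def boot_load(enc_key, mac_key, image):
    """Bootloader side: return plaintext firmware, or None to refuse boot."""
    if len(image) < HEADER.size + TAG_LEN:
        return None                # truncated image
    magic, length, nonce = HEADER.unpack_from(image)
    if magic != MAGIC or len(image) != HEADER.size + length + TAG_LEN:
        return None                # wrong format or inconsistent length
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                # verify first: never decrypt unauthenticated data
    return _keystream_xor(enc_key, nonce, body[HEADER.size:])


def demo():
    # Constructed keys and firmware; on a device the keys sit in internal flash.
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"N" * 16
    image = pack_image(enc_key, mac_key, nonce, b"main application code")
    tampered = image[:30] + bytes([image[30] ^ 1]) + image[31:]
    return boot_load(enc_key, mac_key, image), boot_load(enc_key, mac_key, tampered)
```

Both keys play the role of the secrets held in internal flash: an image copied from external flash is ciphertext plus tag only, and a modified image is rejected before any decryption happens.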