Arduino bootloader and read protection

Hello,

I would like to program a femtoduino (Atmega 328p) in a way that it can be reprogrammed via USB (bootloader) but can't be read out.

I'm able to do the following: burn my program onto the femto using the AVR ISP mkII programmer, setting the lock bits to read protection, while killing the bootloader. --> Result: a protected program, but no option to update the program via USB (bootloader).

I'm also able to burn an unprotected bootloader, which allows me to upload new programs afterwards, but then the program can be read via the bootloader afterwards (no write protection).

My question is whether it is possible to burn a bootloader while setting the lock bits to read protection in such a way that I can use the bootloader to update my program but can't read the program from flash memory.

Thank you!

I don't think so.

But I think I remember that it was not possible at all to protect the flash contents. Perhaps someone else knows where to find that kind of information...

You can encrypt text messages, but then the decryption code will still be in the flash. I think there are external EEPROM chips that have password protection that actually work.

How important is it to keep your code hidden? Is your code important, or the data for another device?

Read the lock bits section of the datasheet, that tells you what the hardware can do.

28.1 Program And Data Memory Lock Bits

Lock bit protection modes (LB)

LB Mode  LB2  LB1  Protection type
1        1    1    No memory lock features enabled.
2        1    0    Further programming of the Flash and EEPROM is disabled in Parallel and Serial Programming mode. The Fuse bits are locked in both Serial and Parallel Programming mode.(1)
3        0    0    Further programming and verification of the Flash and EEPROM is disabled in Parallel and Serial Programming mode. The Boot Lock bits and Fuse bits are locked in both Serial and Parallel Programming mode.(1)   <<< What you want I think

Notes: 1. Program the Fuse bits and Boot Lock bits before programming the LB1 and LB2.

Boot Lock bit 0 modes (BLB0, Application section)

BLB0 Mode  BLB02  BLB01  Protection type
1          1      1      No restrictions for SPM or LPM accessing the Application section.
2          1      0      SPM is not allowed to write to the Application section.
3          0      0      SPM is not allowed to write to the Application section, and LPM executing from the Boot Loader section is not allowed to read from the Application section. If Interrupt Vectors are placed in the Boot Loader section, interrupts are disabled while executing from the Application section.
4          0      1      LPM executing from the Boot Loader section is not allowed to read from the Application section. If Interrupt Vectors are placed in the Boot Loader section, interrupts are disabled while executing from the Application section.

Boot Lock bit 1 modes (BLB1, Boot Loader section)

BLB1 Mode  BLB12  BLB11  Protection type
1          1      1      No restrictions for SPM or LPM accessing the Boot Loader section.
2          1      0      SPM is not allowed to write to the Boot Loader section.
3          0      0      SPM is not allowed to write to the Boot Loader section, and LPM executing from the Application section is not allowed to read from the Boot Loader section. If Interrupt Vectors are placed in the Application section, interrupts are disabled while executing from the Boot Loader section.
4          0      1      LPM executing from the Application section is not allowed to read from the Boot Loader section. If Interrupt Vectors are placed in the Application section, interrupts are disabled while executing from the Boot Loader section.

To make what Crossroads said make sense:

SPM = Store Program Memory (write flash); LPM = Load Program Memory (read flash).

The way I interpret it, you want to block the bootloader from reading the application section, but you still want to be able to write it. That means you want BLB0 to be in mode 4, I think, so the bootloader cannot read the application section of the program memory. Will the bootloader be happy writing that way, though?

One could still read it out with ISP programming though - unless you set the lock bits too.
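To turn the two datasheet tables above into something you can check against what avrdude reads back, here is an added example (not code from this thread, and not Arduino or Atmel code) that encodes and decodes the ATmega328P lock byte. It uses the bit layout of the datasheet's lock bit byte (bit 0 LB1, bit 1 LB2, bit 2 BLB01, bit 3 BLB02, bit 4 BLB11, bit 5 BLB12, with the unused bits 7:6 assumed to be written as 1, "unprogrammed"), and it models the rule that a lock bit can only be programmed from 1 to 0; getting back to 1 takes a chip erase, which also wipes the flash. The avrdude argument helper, the programmer id `avrispmkII` and the part id `m328p` are my assumptions about the tool invocation, not something the thread specifies.

```python
"""Encode/decode the ATmega328P lock byte and model its one-way programming rule.

Bit layout (0 = programmed, 1 = unprogrammed), from the datasheet lock bit byte:
  bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02, bit4 BLB11, bit5 BLB12,
  bits 6-7 unused (assumed written as 1; masked out when decoding, since
  avrdude may read them back as either 0 or 1).
Mode numbers follow the datasheet tables quoted earlier in the thread.
"""

# (high bit, low bit) -> mode number; identical for LB (LB2, LB1),
# BLB0 (BLB02, BLB01) and BLB1 (BLB12, BLB11).
_PAIR_TO_MODE = {(1, 1): 1, (1, 0): 2, (0, 0): 3, (0, 1): 4}
_MODE_TO_PAIR = {mode: pair for pair, mode in _PAIR_TO_MODE.items()}

# Position of the low bit of each two-bit field in the lock byte.
_FIELDS = {"LB": 0, "BLB0": 2, "BLB1": 4}

_UNUSED_MASK = 0x3F  # bits 5:0 carry the lock bits; 7:6 are unused


def encode_lock_byte(lb=1, blb0=1, blb1=1):
    """Return the lock byte for the given LB/BLB0/BLB1 modes (all default to 1)."""
    if lb not in (1, 2, 3):
        raise ValueError("LB only has modes 1-3 (mode 4 is undefined for LB)")
    value = 0xC0  # unused bits 7:6 left unprogrammed (assumption, see docstring)
    for name, mode in (("LB", lb), ("BLB0", blb0), ("BLB1", blb1)):
        hi, lo = _MODE_TO_PAIR[mode]
        shift = _FIELDS[name]
        value |= (hi << (shift + 1)) | (lo << shift)
    return value


def decode_lock_byte(value):
    """Map a lock byte read back from the chip to {'LB': m, 'BLB0': m, 'BLB1': m}."""
    value &= _UNUSED_MASK
    modes = {}
    for name, shift in _FIELDS.items():
        pair = ((value >> (shift + 1)) & 1, (value >> shift) & 1)
        if name == "LB" and pair == (0, 1):
            raise ValueError("LB2=0/LB1=1 is not a defined LB mode")
        modes[name] = _PAIR_TO_MODE[pair]
    return modes


def can_write_without_chip_erase(current, new):
    """True if 'new' can be written over 'current' with a plain lock write.

    Lock bits only go 1 -> 0 by programming; a chip erase is the only way back
    to 1, and it erases the flash as well. Once LB is in mode 3 the datasheet
    says the Boot Lock bits are locked too, so no further change is possible.
    """
    current &= _UNUSED_MASK
    new &= _UNUSED_MASK
    if new == current:
        return True
    if decode_lock_byte(current)["LB"] == 3:
        return False
    return (new & ~current) == 0  # no bit may go from 0 back to 1


def avrdude_lock_args(value, programmer="avrispmkII", part="m328p"):
    """avrdude argument list that writes the lock byte (hypothetical defaults).

    This is the last step: fuses and the bootloader go first, because the
    datasheet note says to program fuses and Boot Lock bits before LB1/LB2.
    """
    return ["avrdude", "-c", programmer, "-p", part, "-U", f"lock:w:0x{value:02X}:m"]


if __name__ == "__main__":
    # The combination the thread is circling around: LB 3, BLB0 4, BLB1 2.
    target = encode_lock_byte(lb=3, blb0=4, blb1=2)
    print(f"target lock byte: 0x{target:02X} -> {decode_lock_byte(target)}")
    # 0x0F is what Arduino's boards.txt burns for an Uno: only BLB1 mode 3,
    # i.e. bootloader protected from the sketch, application fully readable.
    print(f"stock Arduino 0x0F -> {decode_lock_byte(0x0F)}")
    print("erased chip -> target:", can_write_without_chip_erase(0xFF, target))
    print("target -> erased:     ", can_write_without_chip_erase(target, 0xFF))
    print(" ".join(avrdude_lock_args(target)))
```

Running it gives 0xE4 for LB mode 3 / BLB0 mode 4 / BLB1 mode 2, shows that 0xFF -> 0xE4 is a plain write while 0xE4 -> 0xFF is refused (that refusal is the whole protection: the only way to unlock is a chip erase that takes the code with it), and decodes the stock Arduino 0x0F as "bootloader section locked, application section open", which is exactly the unprotected-bootloader situation the original post describes.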

You would need a modified “upload” procedure, since the ability to read-back the programmed sketch is part of the “verifications” done for uploads.

You should probably have a modified bootloader that just doesn’t allow reading of any of the program memory.
And it should erase all program memory NOT used by the uploaded sketch, to prevent anyone from uploading a sketch whose only purpose is to dump the rest of flash (such a program would overwrite the first few pages of flash, which are normally occupied by boring and ‘known’ code: vectors, C initialization, etc.).

Theoretically, you could prevent the application section from reading flash with LPM, but that would break the Arduino runtime, and you’d have to program carefully to avoid other functions that might use LPM (like the C startup’s copy of initialized data to RAM).

This is just one of the things that I read: http://hackaday.com/2014/07/05/overwriting-a-protected-avr-bootloader/

http://hackaday.com/2014/07/05/overwriting-a-protected-avr-bootloader/

That's for overwriting the bootloader FROM THE APPLICATION IN THE AVR, which is quite different from the protection requested here.

Clemi_81: I would like to program a femtoduino (Atmega 328p) in a way that it can be reprogrammed via USB (bootloader) but can't be read out.

Every time a newbie comes and asks this question, we just sit back and chuckle at the naïveté, and have to ask - why?

Thank you for all the replies.

@Peter_n: The device will contain parts of our company's technological knowledge. As we are rather small, the effort should not be too high. However, a small lock is better than no lock.

As far as I understand from CrossRoads's and DrAzzy's comments, I should set LB:3 to prevent any programmer from reading the flash (that is what I already did), further set BLB0:4 to prevent the bootloader from reading the flash (haven't done that yet, as I read somewhere else that this may cause problems, probably the ones westfw mentions), and set BLB1:2 to prevent accidentally writing to the bootloader.

The question remains, as DrAzzy pointed out, whether the standard Arduino bootloader is able to write to flash if it's not allowed to read.

I would already be happy if this worked, even if it's not safe for cases like the ones westfw described.

Maybe there is a project with a "security" bootloader for Arduino I don't know about? ( Probably my last sentence will give Paul__B another chuckle ;) )