Hello guys!
I'm trying to set lock bits on my Arduino Uno to prevent other people from reading my project, and then make a small tutorial to help other people with the same question.
I'm using AVRDUDE to configure, read or write the .HEX file on my Arduino UNO, and I'm burning the bootloader (optiboot) first. The project needs the bootloader. So I have some questions:
1 - Is it possible to set the lock bits using the bootloader? Or can lock bits only be set in a normal program? Because I would like to reprogram the device using the Arduino IDE, using the USBasp only the first time to burn the bootloader with AVRDUDE.
2 - Is it possible to set the lock bits in the bootloader? I found explanations about this using AVRDUDE, but is it possible to change some parts of the bootloader code to set read protection as default?
3 - I read the BOARDS.txt file; in there, we have some lines as shown below:
uno.bootloader.tool=avrdude
uno.bootloader.low_fuses=0xFF
uno.bootloader.high_fuses=0xDE
uno.bootloader.extended_fuses=0xFD
uno.bootloader.unlock_bits=0x3F
uno.bootloader.lock_bits=0x0F
uno.bootloader.file=optiboot/optiboot_atmega328.hex
If I change the line uno.bootloader.lock_bits=0x0F to the correct hexadecimal configuration, would the read protection work in the bootloader?
4 - Is it necessary to set the lock bits every time a new program is burned? Or is it a permanent modification, unrelated to a newly burned program or bootloader?
5 - Does someone know the hexadecimal value to set the lock bits only to protect against reading?
Thanks guys, after this research and your help I intend to post here the tutorial "How to set lock bits to avoid reading". Thank you!
If you have to ask these questions, then your code is not that special that it should be protected.
It is a long time ago that I used the lock bits and I'm not an expert.
The protection lock bits are set with avrdude, not with the bootloader.
I think you can set lock bits and still have the bootloader.
The bootloader is a weak point, it could contain something to read the flash.
You better make a copy of the Uno in "boards.txt", and change that copy. I think you can set the lock_bits to your own configuration. Perhaps there is a check afterwards that may fail.
Normally, the lock bits are independent of the code in Flash. However, I'm not sure what the Arduino IDE does with the lock bits.
There are special bytes in the ATmega328P, called signature bytes. You could store those values in Flash and EEPROM and check if they are the same. That will prevent your sketch from running on another ATmega328P.
These kinds of tests are very dangerous. Suppose it is your sketch with the right hardware, but a bug or a glitch would fail the test. Then it will not work. Those things happen at the worst possible moment.
No, you can't set the lock bits using the bootloader.
As far as I know, there is NO way to set the lock bits so that the code is unreadable by the bootloader, but have the bootloader still work. If you have the .hex file for the bootloader to load, you don't need to read the chip, anyway...
There are "secure bootloaders" that attempt to address the problem of protecting code from copying, but they tend to be expensive (to license - no "open source"), complex to use (you need some sort of "key" that is unique per-user or per-board), and significantly larger than the Arduino bootloaders.
The bootloader provides a convenient way of programming the Arduino without requiring external hardware, an AVR-ISP. However since the bootloader program runs from within the microcontroller it cannot alter the fuses -- that can only be done externally.
While I've used an AVR-ISP to program AVR microcontrollers in the past, I've yet to do so to the AVR in an Arduino. There is always the ArduinoISP example program you can load into a second Arduino board and use that as an AVR-ISP. Presumably that would be able to set the fuse bits.
On the ATmega328P, by setting the lock bits to 0x04, it may be possible to set the chip so that the bootloader can only overwrite the flash application section.
External programmers can't read or write the chip, including the bootloader.
The user program can't read (sniff) the bootloader section. Of course it can't write to it either.
The bootloader can write to the user program section, but cannot read it.
In this case, the bootloader will need to fill everything with "nop" instead of erasing the chip before writing, and moreover it will be impossible to even verify after writing.
(It doesn't work with the normal Arduino bootloader.)
Also, the only way to enable normal writing again on a chip in this state is to completely erase the chip with an external programmer.
I may have been an idiot.
The bootloader section could be completely protected and hidden, so I didn't have to hide the user program section from the bootloader.
You should set the lock bits to 0x0C, and in the case of verify, create a boot loader that reports only "it matches".
The bootloader does not erase the chip before writing (it only erases each page just before that page is written.)
in the case of verify, create a boot loader that reports only "it matches".
That's not how "verify" works, either. Avrdude reads back all of the memory that was just written, and compares it to the original .hex file.
Yes.
In other words, without a dedicated write method, you can't make a board that can't be read and can only be reprogrammed.
And it has to be include of bootloaders. (program by UART?)
I thought the OP wanted such a board, but is it different?
OK guys, thank you for helping me. So, adding your information to my tests from the last day, I have some observations:
1 - I can set the lock bits using AVRDUDE and the USBASP burner (I'm waiting for my delivery to test it);
2 - I can set the lock bits using the BOARDS.txt file (I set the lock bits to 0x00 and fully locked my Arduino UNO board xD)
So my questions are:
a) After I set the lock bits, is this action permanent? Because I want to set the lock bits and afterwards be able to reprogram using the Arduino IDE; that's the reason why I need a bootloader, to send new sketches to my Arduino. I can send the .HEX file too, using other programs; either of the methods can be used.
b) What are the correct fuses to lock only reading actions, not writing? Because I locked my last Arduino and I'm afraid to lock another.
c) How do I erase all flash memory and the lock bits too, restoring my locked Arduino? Can I do it with AVRDUDE and USBASP? Because I was trying to connect the USB cable directly between the Arduino and my PC and use AVRDUDE, and it doesn't work to erase the chip or set lock bits, only to send and read code.
OK, it finally works!
-> In the Arduino files, search for the BOARDS.txt file.
-> Open the file, find your Arduino model, and change the line:
"uno.bootloader.lock_bits" (in my test the Arduino Uno was used), to "0x04". Save the .txt file.
-> Using the IDE, use one Arduino as the burner and the other as the one to have the bootloader burned.
-> The Arduino with the bootloader burned (in my case an Arduino Uno) is now set against reading only (protection against reading, not writing). An error message will appear on each new compilation in the Arduino IDE after this process, but the compilation and code transfer will occur normally.
You may use the USBASP burner with the AVRDUDE program to set the lock bits, but don't burn code using this method because it overlaps the fuse and lock bits and the code. To not change the lock bits, you can use another program to burn your .HEX file, or use the IDE.
If this method works fine, try to read your Arduino, and an empty file will appear.
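The lock-byte values quoted in this thread (0x3F, 0x0F, 0x0C, 0x04, 0x00) can be decoded bit by bit to see what each one permits. The following is an added example, not part of any post and not Arduino or AVRDUDE code; the bit layout follows the ATmega328P datasheet lock-bit tables, and the function and key names are hypothetical.

```python
# Added example: decode an ATmega328P lock byte (0 = programmed bit).
# Bit layout per the datasheet: 5=BLB12 4=BLB11 3=BLB02 2=BLB01 1=LB2 0=LB1.

# (LB2, LB1) -> what an external ISP/parallel programmer may still do
LB_MODES = {
    0b11: "mode 1: no lock, ISP can read and write",
    0b10: "mode 2: ISP writes disabled, fuses locked, reads still work",
    0b00: "mode 3: ISP writes and reads (verify) disabled",
}
# (BLBx2, BLBx1) -> (SPM write to the section blocked, LPM read of it blocked)
BLB_MODES = {0b11: (False, False), 0b10: (True, False),
             0b00: (True, True), 0b01: (False, True)}


def decode_lock_byte(value):
    """Describe what a lock byte permits (hypothetical helper name)."""
    lb = value & 0b11
    if lb not in LB_MODES:
        raise ValueError("LB2=0/LB1=1 is not a defined LB mode")
    app_wr, app_rd = BLB_MODES[(value >> 2) & 0b11]    # BLB0: application
    boot_wr, boot_rd = BLB_MODES[(value >> 4) & 0b11]  # BLB1: boot section
    return {
        "isp": LB_MODES[lb],
        "isp_can_read": lb != 0b00,
        "spm_can_write_app": not app_wr,        # needed for bootloader uploads
        "bootloader_can_read_app": not app_rd,  # needed for avrdude verify
        "spm_can_write_boot": not boot_wr,
        "app_can_read_boot": not boot_rd,
    }


def audit_boards_txt(text, suffix=".bootloader.lock_bits"):
    """Decode each lock_bits entry in boards.txt-style text."""
    found = {}
    for line in text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.endswith(suffix):
            found[key] = decode_lock_byte(int(val, 16))
    return found


if __name__ == "__main__":
    for v in (0x3F, 0x0F, 0x0C, 0x04, 0x00):  # values quoted in the thread
        d = decode_lock_byte(v)
        flags = [k for k, ok in d.items() if ok is True]
        print(f"0x{v:02X}: ISP {d['isp']}; allowed: {', '.join(flags) or 'nothing'}")
```

Decoded this way, 0x00 is the only value in the thread that also blocks SPM writes to the application section, which is the state in which a bootloader can no longer upload a sketch.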