I have before me the task to write down on a clean 5V 16MHz Atmega 328Pchip the bootloader optiboot to be able to use the watchdog function. Then block access to the reading of the chip bootloader and my Arduino-based program sketch.
I have a clone USVasp by Thomas Fischl. I found only one program that works with windows and USVasp - AVRDUDESS (http://blog.zakkemble.co.uk/avrdudess-a-gui-for-avrdude/).
If I understand correctly, the procedure is as follows:
connect the programmer, the programmer adjusts the settings, the type of microcontroller.
Thanks for the answer! I'm writing a program in Arduino IDE. To write bootloader, sketch and modify LB I plan not to use Arduino IDE, but Avrdudess.
Questions.
Can a sketch from Arduino to work without bootloader? I think no (even if I do not need PX-TX).
Is there any opportunity to defend my Arduino sketch from copy?
If you upload the sketch via ISP instead of using the bootloader, you do not need a bootloader. You would just program normally, but instead of upload, do upload using programmer (and have your programmer selected from tools -> programmer menu). Everything works the same, except you can't put a new sketch onto it via serial, only via ISP.
This way, you could program the sketch, then set the lock bits to lock it down (with avrdude) and you'd be all set. Future programming would only be possible after doing chip-erase over ISP, which resets lock bits as well. For added security, you could disable programming via SPI and/or disable reset, but this makes reprogramming the chip rather difficult.
yes, i get a kick out of that too. specially funny the guys who imbed in a block of epoxy or whatever. basically does little more than alienate bonafide customers and no obstacle to a true hacker.
generally speaking if you write all zeros to the lock bytes for all avr chips that will be as safe as it gets.
Yes, I use avrdude and ISP to download Arduino sketches in HEX format.
Now I realized that bootloader can not load if I do not use the load programs via FTDI. Immediately questionnaire can I use the library SERIAL without a bootloader?
And perhaps I need to set the Reset Vector = Application Reset (address 0x0000)?
The main objective of the exact same - to protect the program from the copy from the chip and be able to load, if it is needed, in its place a new sketches through ISP after erasing flash and lock bits.
I did not understand what did You mean “disable programming via SPI”? In the description of LB has only SPM and LPM.
I realized that “disable reset” (RSTDISBL-bit#7 of HF) can not be changed, otherwise the chip can not be reprogrammed by SPI.
Then, as I understand it, for Atmega328P 16 MHz 5V is necessary to use other fuses compared with UNO to protect sketches:
LF: FF-to FF
HF: DA-to DB (bit 0 set to 1- set Reset Vector = Application Reset (address 0x0000)
EF: 05-to 05
LB: 0f- to 00 after set fuses.
Is it correct?
Thanks in advance for your help!
john1993:
generally speaking if you write all zeros to the lock bytes for all avr chips that will be as safe as it gets.
i forgot that programming the rstdsbl fuse is an additional level of protection. you need 12v programming hardware to change that which is rare and complicated. in fact a number one reason for bricked chips.
so after loading a program whether by arduino ide or by avrdude direct the best level of protection is then to burn rstdsbl in addition to all the lock bits.
Paul__B:
The bootloader is not used as a BIOS. Once it turns control over to the main program, there is no interaction with it at all.
Your serial routines in a sketch are serviced within the compiled sketch - the compiler puts them all in. The sketch is entirely self-sufficient.
I realized that the bootloader using only once after the power-up to implement the programming features sketch of Arduino IDE through FTDI.
If not used bootloader, what I need set the Reset Vector = Application Reset (address 0x0000) = HF: DA change to DB?
There is a need in this case to change Bootsize (BOOTSZ1 & BOOTSZ0 in HF)?
Thanks in advance!
john1993:
i forgot that programming the rstdsbl fuse is an additional level of protection. you need 12v programming hardware to change that which is rare and complicated. in fact a number one reason for bricked chips.
so after loading a program whether by arduino ide or by avrdude direct the best level of protection is then to burn rstdsbl in addition to all the lock bits.
Thanks for your reply!
I would not want to set "External reset disable" option because I use a capacitor for external reset and also want to be able to write new sketch by Avrdude-ISP.
Is Lock byte =0x00 (all bits BLB & LB=0 ) installation will not be enough to protect against copying?
writing zeros is enough to protect avr in 99% of cases. rstdsbl for 99.99%. there is no 100% because for a few hundred dollars pirates can have the cover removed and unlock from the inside. afaik the most inexpensive common chip that is 100% safe is some member of the 8051 family.
john1993:
writing zeros is enough to protect avr in 99% of cases. rstdsbl for 99.99%. there is no 100% because for a few hundred dollars pirates can have the cover removed and unlock from the inside. afaik the most inexpensive common chip that is 100% safe is some member of the 8051 family.
99%-that is enough for me!
I was alone on the issue today.
If not used bootloader, what I need set the Reset Vector = Application Reset (address 0x0000) = HF: DA change to DB?
There is a need in this case to change Bootsize (BOOTSZ1 & BOOTSZ0 in HF)?
Thanks in advance!
Gennady,
Don't forget about the s/w licensing terms for any of the s/w libraries that you have used.
I'm assuming that the AVR chip is being locked because it is part of some sort of closed source commercial product
Be aware that using open source comes with licensing requirements and restrictions.
Depending on which Arduino libraries you use (different libraries have different licensing terms), you may not be able to legally ship a closed source product that uses it without violating copyright laws.
For example, if any of the libraries you used are GPL v3 then you are prohibited from creating a closed source product and will be required to disclosed the full source code to all your code - that is price you pay for using GPL v3.0 code.
The majority of the libraries that ship with the IDE are licensed LGPL v2.0+ but not all of them are and there are several different licenses that are in use for various 3rd party libraries.
While many people tend to equate open source LGPL code with "freeware" this is definitely not the case.
LGPL is much more restrictive than say the modified BSD license - which essentially is freeware.
The LGPL 2.0+ license is quite clear, the cost for using it is that you must provide the source code to any modifications that you have made to any of the LGPL code and more importantly, provide a way for the user to update any of the LGPL code in your image.
This second part is where some products/projects fall down with respect to complying with the licensing terms since
they fail provide a way to allow the end user to update any of the LGPL modules that were used in the building of the s/w image.
The user of the LGPL code must at a minimum provide pre-built binary objects that can be used to re-build the s/w image with updated versions of the LGPL modules.
It is extremely difficult to comply with the LGPL 2.0 licensing terms with Arduino f/w images.
In fact it is impossible to comply if only using the GUI IDE since the GUI IDE does provide a mechanism to use pre-built library object images.
Now that the newer Arduino build tools provide command line capabilities, it is now possible to create makefiles or scripts that allow rebuilding the images.
So Gennady, as you go down this path of trying to lock up your firmware image you will also need to verify that your final image or product is compliant with the s/w licensing terms of any/all libraries that you have used in your image.
I do not really good understand English, especially in legal matters. But I make no commercial products. I just wanted to present their project at the open student competition and jota that anyone could ever without my permission to use my first idea, and in the second the program.
The project concerns the automation of agriculture for the collection of weather data and processing and forecasts. In principle, it can be easily converted to C++, as there is not use any library.
DrAzzy:
If you upload the sketch via ISP instead of using the bootloader, you do not need a bootloader. You would just program normally, but instead of upload, do upload using programmer (and have your programmer selected from tools -> programmer menu). Everything works the same, except you can't put a new sketch onto it via serial, only via ISP.
This way, you could program the sketch, then set the lock bits to lock it down (with avrdude) and you'd be all set. Future programming would only be possible after doing chip-erase over ISP, which resets lock bits as well. For added security, you could disable programming via SPI and/or disable reset, but this makes reprogramming the chip rather difficult.
Is it possible to explain how exactly the command for the avrdude would be like ?
thank you
thebadtall:
Is it possible to explain how exactly the command for the avrdude would be like ?
thank you
Yes, it would be exactly like this: In the Arduino IDE preferences, checkmark show verbose output on upload. Connect your ISP programmer device or another Arduino as ISP to the target Arduino as if you are burning a bootloader. Find on the File or Sketch menu the command Upload Using Programmer, and use that to upload a sketch. The avrdude command will be shown to you in the verbose output at the bottom of the window. You can use that avrdude command on the command line of your computer, modifying it to include other options such as setting fuses and lock bits or uploading other hex files. When you do the Burn Bootloader function, you will see 2 separate avrdude commands, one after the other. You will see how the fuses and lock bits are set in those commands.
Further reading: Command line options for avrdude can be found by google, as well as the data sheet for the processor you are using (ATmega328P, ATmega2560, etc.) and also there are online fuse calculators you will find useful. When you get into setting fuses using the avrdude command line, it is possible to brick your processor such that high voltage programming would be required to recover. If that happens, there are also tutorials you can find online for using an Arduino as a high voltage programmer. Or buy a new processor.