Protect Sketch from being Read

Ok i have looked around, and found that the sketch on the ATMEGA can be downloaded ( machine language not compile ) and can be put in another arduino. I should avoid that. Can someone help me in a step to step explaination? I'v undestood that only if i have an ISP i can set the fuse of the Atmega to avoid reading from external sources. Are there any link i can read some info about this process? The software not the hardware. Actually i'm using ATMEGA1280.

Hope someone can help me, but thanks anyway if you read trough here.

You need to read the ATMEL spec for the processor to see what fuses you need to change.

You will need an ISP, and there are plenty of posts on the forum about the various sorts of ISPs. I use a arduino board clone that has links on it to allow ISP processing, I got it off ebay for less then £20. You can also use some arduinos if you cut a track.

Once you have the ISP, the next step to find information is just to press shift when you download a sketch (this is not using the ISP, its just to find out where avrdude). This shows the processes going on, and the one you will be interested in is avrdude. The output will show on your system where avrdude is.

Then you need to run avrdude with no options, and read the documentation on that. One of the things avrdude will do is write to the fuses. On my system the command to write a sketch with an ISP was: $/home/roger/arduino-0022/hardware/tools/avrdude -C/home/roger/arduino-0022/hardware/tools/avrdude.conf -v -v -v -v -patmega168 -cstk500v1 -P/dev/ttyUSB0 -b19200 -D -Uflash:w:/tmp/build5814928292371967035.tmp/Blink.cpp.hex:i

The command to write a fuse will be similar but with the -U something like -Ulofuse:w:AA

I would recommend that you buy a few processors, because I bet you will lock up a few.

After uploading yor sketch, you need an ISP programmer to set the lock bits. Something like the following will lock the chip from further programming. Beware, this will block writing as well as reading.

ide\tools\avr\bin\avrdude -C ide\tools\avr\etc\avrdude.conf -p atmega328 -P com1 -b 19200 -c stk500v1 -v -u -U lock:w:0x00:m

from the AVRDUDE manual - - page 21

Writing lock bits is supported, but is restricted to the boot lock bits (BLBxx). These are restrictions imposed by the underlying SPM instruction that is used to program the device from inside the boot loader. Note that programming the boot lock bits can result in a “shoot-into-your-foot” scenario as the only way to unprogram these bits is a chip erase, which will also erase the boot loader code.

don't know for sure if this applies to all processors but as I read it I think you can revitalize locked up 328's. [still buy some extra]

A high voltage programmer can clear the MCU.

I'm wondering if the bootloader sets any fuses limiting writing to flash when a sketch has been uploaded?

Hmm, it does sound like fully-locked processors can still be erased, and perhaps even by the bootloader. Who's going to try it?

As for setting the lock bits ... I think the Uno's Optiboot bootloader cannot do this at all - even the BLBxx bits. I don't know about the other Arduino bootloaders. The fuses cannot be changed by any bootloader.

Looks like if you lock the flash from being verified (read) then you can only recover with a chip erase (which of course discards the flash memory).

If you also disable SPI programming then you would need the high-voltage programmer (eg. AVR Dragon) to recover.

I was more wondering if some part of the process would leave the RWW flash write-locked. Like after a sketch has been loaded.

If not then I think it may be possible for a routine in bootloader flash to write records to application flash, a 3k data logger program on a 328p could have better than 24k storage around 10,000 times which ain't bad for a few bucks.

AMForth does write to flash while running which they say about why they use no bootloader:

this can only be changed for bootloaders with an application usable API to use the flash self programming feature. There are none currently available.

I'm just interested in writing data to flash ATM.

When I was reading on lock bits I see a note about running interrupts in SPM being lockable which leaves the question of running unlocked, can code in SPM be called or triggered to copy SRAM contents into a record in flash?

[quote author=Nick Gammon link=topic=104695.msg785642#msg785642 date=1336364715] Looks like if you lock the flash from being verified (read) then you can only recover with a chip erase (which of course discards the flash memory).[/quote]

:grin: secrets stay secret

If you also disable SPI programming then you would need the high-voltage programmer (eg. AVR Dragon) to recover.

Interesting. You can be safe and still able to reprogram with cheap hardware.

Does SPIEN only enable SPI programming, because SPIEN looks at me and says SPI Enable. It doesn't turn all SPI off to have that bit = 1 does it? And no, I wouldn't mess with it. :)

That's right, only the ICSP programming, which uses SPI.

No doubt you can still use SPI in your program.

I really thank you all for all your answer.

I think i will use another arduino as an ISP programmer. for now i will download avr program and then, when i'll start to get some familiar, i will post here my question. Ther's one thing i didnt get, when i lock the arduino memory, can i reprogram without any other hardware?

To sum up, and hopefully clarify:

You can set a simple fuse (check the datasheet for your particular chip so see which) that prevents the flash from being read. You can still erase the chip and write new code, you just can't read back the code that's already there. (This is a code protection feature, and sounds like what you want.)

You can also lock the chip from being programmable by SPI at all -- no reading, no writing. Poor-man's write-once. This can still be undone with a high-voltage programmer, but it's a bit more trouble. (This is meant to prevent any changes whatsoever, and sounds like overkill for what you want.)