LPC55Sxx security, disable swd while allowing ISP writes

dav1 · ‎10-31-2024

Trying to find a way to achieve the following (LPC55S69)

1. disable access to firmware on flash (via SWD and ISP/blhost)

2. assuming fw-binary still be dumped from flash, prevent running it on a LPC that doesn't have "crypto-key xyz"

3. ISP boot via USB must still work to allow erasing & writing new data to flash, i.e. recovery mode. ISP must prevent readout from data on flash (unless we can make §2 safe enough)

Alice_Yang · ‎11-01-2024

Hello @dav1

I recommend the following solution:

Disable ISP and SWD while keeping a gateway open, so that the flash cannot be read or written. When you need to update the firmware, enable ISP through the backdoor.

Detail please refer to: https://community.nxp.com/t5/LPC-Microcontrollers-Knowledge/LPC55-Disable-ISP-and-SWD-to-utilize-cod...

BR

Alice

dav1 · ‎05-05-2025

hi,

i checked the linked article. it doesn't answer my question.
please help check with the team and get back

simplified:

disable swd
ISP (via USB)
- prevent: reading/dumping firmware from flash via ISP
- allow: erasing and writing new firmware to flash