Content originally posted in LPCWare by bavarian on Mon May 23 09:17:07 MST 2016
We are talking about the LPC1800/4300 devices with internal flash here.
ISP mode is clearly defined as a communication interface using UART0 and UART3. In this mode there are the ISP commands available, fully or restricted, depending on the CRP level.
This will per se not protect against USB DFU bootmode. That's only achieved when using CRP3, because then the functionality of the ISP pin P2_7 is disabled.
With CRP1 and CRP2 and the bootpins accessible, someone can set it to USB0 bootmode and drive the ISP pin low and would boot into DFU.
If you want to protect your code in the internal flash more effectively you need to combine this with the OTP bits, which would overwrite any physical boot pin levels. Then a CRP1 level and an OTP setting for UART0 bootmode would ensure that you can only get into UART0 ISP mode and there the read access would be disabled, only erase and update would be allowed.
For the devices with 2 flash banks you need to consider the following: if you have set CRP1 or CRP2 and the OTP bits for UART0 bootmode, then this effectively prevents against reading out the internal memory (both flash banks). But erase all sectors is allowed. This means that at next startup the bootcode will not find a valid user code in flash bank #A and will continue to check for valid user code in flash bank #B. If you did not create this "user code valid" condition in flash bank #B plus setting the CRPx level, the boot will hang up and would allow any JTAG debugger to access the internal memory. So flash bank #B could be read out.
To make it waterproof you need to create the right value at 0x1B00001C and the right value at 0x1B0002FC and have a small reset handler (just a while(1) loop) as dummy to cover this situation.
Regards,
NXP Support Team.
