You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When security bit of the SAMD21 MCU is enabled using the command "bossac.exe -s", the bootloader still allows reading the flash memory.
I think the correct behavour should be for the bootloader to deny read access of the flash when security is enabled, to protect any secrets uploaded to flash as part of a sketch or to protect intellectual property.
When working with MKR GSM 1400 and MKR NB 1500, the PIN for the SIM card is stored in the flash, and is easily recovered by reading the flash content and do a search for a string of four numbers.
The problem was verified on a MKR GSM 1400, although with an old bootloader from 2017:
C:> arduino15\packages\arduino\tools\bossac\1.7.0-arduino3\bossac.exe -i
Device found on COM5
Atmel SMART device 0x10010005 found
Device : ATSAMD21G18A
Chip ID : 10010005
Version : v2.0 [Arduino:XYZ] Nov 30 2017 10:13:21
Address : 8192
Pages : 3968
Page Size : 64 bytes
Total Size : 248KB
Planes : 1
Lock Regions : 16
Locked : none Security : true
Boot Flash : true
BOD : false
BOR : false
Arduino : FAST_CHIP_ERASE
Arduino : FAST_MULTI_PAGE_WRITE
Arduino : CAN_CHECKSUM_MEMORY_BUFFER
According to docs from Microchip, the Security Bit isn't active until restart, so the board was reset a number of times, including powering down.
C:> arduino15\packages\arduino\tools\bossac\1.7.0-arduino3\bossac.exe -r c:\temp\flashcontent.bin
Device found on COM5
Atmel SMART device 0x10010005 found
Read 253952 bytes from flash
[==============================] 100% (3968/3968 pages)
done in 1.429 seconds
The text was updated successfully, but these errors were encountered:
When security bit of the SAMD21 MCU is enabled using the command "bossac.exe -s", the bootloader still allows reading the flash memory.
I think the correct behavour should be for the bootloader to deny read access of the flash when security is enabled, to protect any secrets uploaded to flash as part of a sketch or to protect intellectual property.
When working with MKR GSM 1400 and MKR NB 1500, the PIN for the SIM card is stored in the flash, and is easily recovered by reading the flash content and do a search for a string of four numbers.
The problem was verified on a MKR GSM 1400, although with an old bootloader from 2017:
C:> arduino15\packages\arduino\tools\bossac\1.7.0-arduino3\bossac.exe -i
Device found on COM5
Atmel SMART device 0x10010005 found
Device : ATSAMD21G18A
Chip ID : 10010005
Version : v2.0 [Arduino:XYZ] Nov 30 2017 10:13:21
Address : 8192
Pages : 3968
Page Size : 64 bytes
Total Size : 248KB
Planes : 1
Lock Regions : 16
Locked : none
Security : true
Boot Flash : true
BOD : false
BOR : false
Arduino : FAST_CHIP_ERASE
Arduino : FAST_MULTI_PAGE_WRITE
Arduino : CAN_CHECKSUM_MEMORY_BUFFER
According to docs from Microchip, the Security Bit isn't active until restart, so the board was reset a number of times, including powering down.
C:> arduino15\packages\arduino\tools\bossac\1.7.0-arduino3\bossac.exe -r c:\temp\flashcontent.bin
Device found on COM5
Atmel SMART device 0x10010005 found
Read 253952 bytes from flash
[==============================] 100% (3968/3968 pages)
done in 1.429 seconds
The text was updated successfully, but these errors were encountered: