On 04/02/15 13:56, NIIBE Yutaka wrote:
> I meant, something in a JTAG/SWD protocol layer (not by user
> program), built-in _hardware_ feature by semiconductor manufacturer to
> show hash of flash blocks.

But Gnuk is not secret, so the flash doesn't need to be read-protected. And if you need a JTAG programmer to read the hash, you might as well reflash the MCU to your known-good Gnuk.

I'm trying to think of a way to have the actual hardware present a hash to a user who doesn't own a JTAG programmer, but it's tricky :). I thought of something like dedicated pins connected to a shift register (so you don't need 256 pins), where only the hardware can shift out the actual hash; using the pins from the firmware would be prevented. But then you need a display on your token. Having four 7-segment LED displays on your token that display the hash in groups of 4 hex digits won't exactly make for a compact arrangement :).

Perhaps it could use a serial format as used by the serial port on a PC (asynchronous start/stop). Then you could connect a USB-to-serial converter to the pins on the token and see what the MCU is reporting as its hash.

All nicely academic musings, in the sense that I don't see an MCU with this feature coming to the market soon...

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>