[Amforth-devel] Protected Amforth

[<an...@ki...>]

Guys

Been doing some thinking on bits of the conversations going off recently 
about protecting the Amforth Core from accidental overwrite. (Useful in 
some cases, particularly teaching scenarios and new starters). Thought I 
should throw them into the ring for discussion.

Creating protection is as I understand it a three step process.

1. Rearrange the core words (or at least everything needed to compile 
and load the rest. etc into the boot-loader area as if it were a large 
boot-loader.

2. Tweak the interrupts and reset vectors (maybe the reset ISR too) and 
code to deal with the new location and prepare for a boot-loader start 
(That is actually the Amforth core system). This pseudo boot loader does 
in fact boot but doesn't pass off execution to anything unless turnkey 
is setup to do so. Turnkey or a rewritable template turnkey would have 
to live in the normal flash area so it could be rewritten if necessary.

3. Set the boot vector option in the fuses to make it boot from the top 
of flash (boot loader boot) rather than the bottom (Usual or non boot 
loader boot).


Activating protection is a case of setting the appropriate fuses etc to 
lock down the boot-loader/upper flash area.


Notes/thoughts.

A. I don't think it is a good idea to issue the images and or templates 
with the protection activated. I have a nasty feeling invoking full 
protection will make it impossible to reprogram the boot-loader section 
ever again. Implementors may need/want to upgrade the core image and may 
optionally want to return their boards to service as a full arduino with 
the Arduino boot-loader. Particularly if they used it as a development 
platform and then built a dedicated Amforth board/device.

B. Creating templates and images ready for protection to be optionally 
activated is a good idea. Documenting protection activation in a 
readme.txt file or the user guides etc is I think a good idea too.

C. Issues I can see with this is that not all devices have as big a boot 
loader area. (Don't quote me on this, I could be wrong and would have to 
go through all the data sheets to be sure)

D. It may be worth considering creating a word like "FactoryReset" or 
something that lives in the core/Boot-loader section and after 
confirmation wipes/purges/re-initializes the non core/Boot-loader 
section. Restoring the board/chip to a clean state. (Good for classroom 
scenarios and new starters)

E. Making the ability to clone the current state of the device ie a 
"clone" word, part of the protected core/boot-loader would be optimal. 
There are arguments for not doing this and making it optional. 
Personally I favor the idea that it becomes an intrinsic part of all 
Amforth implementations. (Today forthduino, tomorrow the world, "Go 
forth and multiply" is a mangled biblical quote that springs to mind)

F. Given all of the above we could be struggling in 8k of boot-loader 
unless something or other could me done with the current core set to 
make space.


OK enough very poor puns on words.

Thoughts for what they are worth.....


Cheers

Andy kirby