Beyond closed ROMs, it's even worse when entire lines of chips are locked behind NDAs.
It's always irked me you could never get programmable smartcards, except via a VM like Java or BASIC. The reason for this AIUI was that smartcard chips tended to consist of an 8051 plus a large customer-specified mask ROM, and very little flash. Except nowadays this is no longer the case, and platforms like ST's ST32 have ARM SC000 cores and, AIUI, are all-flash based. Except they may as well not exist for my purposes since they're entirely NDAware. Non-VM user-programmable smartcards exist, you just can't have them.
I suspect that part of this is antiquated attitudes and/or a refusal to accept Kerchhoff's principle by NXP, and that part of it is a similar attitude held by its customers, the organisations that buy smartcards. NXP's comments here as regards the LPC5S69 almost seem to insinuate something like "We don't rely on security by obscurity ourselves, but some of our customers have outmoded ideas about security and would complain if we opened things."
> I suspect that part of this is antiquated attitudes and/or a refusal to accept Kerchhoff's principle by NXP
That is attributing far too much agency to the players involved.
The real issue is much simpler: "We don't want to be bothered supporting anyone who isn't throwing around enough money that we're willing to actually do the design for them."
It's always irked me you could never get programmable smartcards, except via a VM like Java or BASIC. The reason for this AIUI was that smartcard chips tended to consist of an 8051 plus a large customer-specified mask ROM, and very little flash. Except nowadays this is no longer the case, and platforms like ST's ST32 have ARM SC000 cores and, AIUI, are all-flash based. Except they may as well not exist for my purposes since they're entirely NDAware. Non-VM user-programmable smartcards exist, you just can't have them.
I suspect that part of this is antiquated attitudes and/or a refusal to accept Kerchhoff's principle by NXP, and that part of it is a similar attitude held by its customers, the organisations that buy smartcards. NXP's comments here as regards the LPC5S69 almost seem to insinuate something like "We don't rely on security by obscurity ourselves, but some of our customers have outmoded ideas about security and would complain if we opened things."