I'm currently working on a redesign of a medical device that needs to be as bulletproof as possible. This device must support full in-system firmware update for all three micros. We have been considering the AT89C51AC2 and AT89C51ID2. One major flaw I see in these is that errant firmware could overwrite the factory bootloader and render the device little more than an expensive paperweight.

So, if anyone can offer robust methods to prevent this from happening (other than "don't let your code do that") I am all ears.

Short of that, I'm looking for a couple of micros that fit the following:

Micro 1:
~0.5 MIPS, >18 IO, internal EEPROM, 5V IO, ISP with bootloader protection

Micro 2:
>4.5 MIPS, >32 IO, internal EEPROM, 5V IO, ISP with bootloader protection, 64k FLASH.

Essentially I'm looking for the Atmel micros I mentioned but with indestructible bootloaders.

We have been looking seriously at the uPSD parts, and they have a bootloader sector that can be protected via JTAG, but given that we've decided to offload the USB to a 32 bit micro, and we don't really need a PLD, the complexity of the uPSD seems somewhat unnecessary. Granted, the 10 MIPS speed and plentiful IO may come in handy.

Thanks,

Cory