Many thanks, Ijaz for the link. It is Chan-Chi who is my contact. He's away at present. Thanks guys for the discussion on parallel programming algorithm and secrecy; but I can already do that. (You have to write your own ISP loader for the Winbond, so you MUST do an initial programme on the parallel programmer that writes one binary image to APROM (0-FFFFh), and another to LDROM (0-0FFFh).) What I need to know is related to serial ISPing:

1. When running the ISP loader code in LDROM, how can one write to LDROM location FFFFh (where the lock byte resides)?

2. Do the lock bits affect the ability to read back the application firmware (in APROM) using code in LDROM (it obviously must block parallel readback and/or MOVC instructions from external ROM)? I don't think it necessary to secure readback via ISP because all that code is under MY control (impossible for a 'code thief' to emulate it). But Winbond may have other views.

(As an aside; I would like to leave in the ability to dump the APROM image via an ISP function, as we have had a number of recent instances of 'lost' APROM, which I now strongly suspect to be caused during power up/down phases. To be able to see where and how the APROM was corrupted on a returned module would be very useful.)

As I said, the datasheet is woefully inadequate on the subject. But it's clearly not because they want to maintain secrecy, as they do provide enough info to whet the appetite. They wouldn't do that if they didn't want you to do it.

Very best to all,
Dave