| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Jan 2016 11:25:33 -0800
From: Brian Norris <computersforpeace@...il.com>
To: <linux-mtd@...ts.infradead.org>
Cc: Brian Norris <computersforpeace@...il.com>,
Rafał Miłecki <zajec5@...il.com>,
Ezequiel Garcia <ezequiel@...guardiasur.com.ar>,
Boris Brezillon <boris.brezillon@...e-electrons.com>,
linux-kernel@...r.kernel.org, Bayi Cheng <bayi.cheng@...iatek.com>,
Marek Vasut <marex@...x.de>, djkurtz@...omium.org
Subject: [PATCH v2 4/8] mtd: spi-nor: disallow further writes to SR if WP# is low
Locking the flash is most useful if it provides real hardware security.
Otherwise, it's little more than a software permission bit.
A reasonable use case that provides real HW security might be like
follows:
(1) hardware WP# is deasserted
(2) program flash
(3) flash range is protected via status register
(4) hardware WP# is asserted
(5) flash protection range can no longer be changed, until WP# is
deasserted
In this way, flash protection is co-owned by hardware and software.
Now, one would expect to be able to perform step (3) with
ioctl(MEMLOCK), except that the spi-nor driver does not set the Status
Register Protect bit (a.k.a. Status Register Write Disable (SRWD)), so
even though the range is now locked, it does not satisfy step (5) -- it
can still be changed by a call to ioctl(MEMUNLOCK).
So, let's enable status register protection after the first lock
command, and disable protection only when the flash is fully unlocked.
Signed-off-by: Brian Norris <computersforpeace@...il.com>
---
v2:
* added clearing the SRWD bit when unlocking the entire flash
drivers/mtd/spi-nor/spi-nor.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
index 68133b949fe5..54eaf4b5bf05 100644
--- a/drivers/mtd/spi-nor/spi-nor.c
+++ b/drivers/mtd/spi-nor/spi-nor.c
@@ -540,6 +540,9 @@ static int stm_lock(struct spi_nor *nor, loff_t ofs, uint64_t len)
status_new = (status_old & ~mask) | val;
+ /* Disallow further writes if WP pin is asserted */
+ status_new |= SR_SRWD;
+
/* Don't bother if they're the same */
if (status_new == status_old)
return 0;
@@ -605,6 +608,10 @@ static int stm_unlock(struct spi_nor *nor, loff_t ofs, uint64_t len)
status_new = (status_old & ~mask) | val;
+ /* Don't protect status register if we're fully unlocked */
+ if (lock_len == mtd->size)
+ status_new &= ~SR_SRWD;
+
/* Don't bother if they're the same */
if (status_new == status_old)
return 0;
--
2.7.0.rc3.207.g0ac5344
Powered by blists - more mailing lists