lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <m33bad9hgy.fsf@defiant.localdomain>
Date:	Wed, 27 Sep 2006 22:34:21 +0200
From:	Krzysztof Halasa <khc@...waw.pl>
To:	Linus Torvalds <torvalds@...l.org>
Cc:	Nicolas Mailhot <nicolas.mailhot@...oste.net>,
	linux-kernel@...r.kernel.org,
	James Bottomley <James.Bottomley@...elEye.com>
Subject: Re: GPLv3 Position Statement

I generally agree with you, but...

Linus Torvalds <torvalds@...l.org> writes:

> And it not at all uncommon to have a flash that simply cannot be upgraded 
> without opening the box. Even a lot of PC's have that: a lot (most?) PC's 
> have a flash that has a separate _hardware_ pin that says that it is 
> (possibly just partially) read-only. So in order to upgrade it, you'd 
> literally need to open the case up, set a jumper, and _then_ run the 
> program to reflash it.

I think this is history. Yes, late 486s and Pentiums (60 and 66?)
had a jumper protecting the flash. It's not true since ca. "Pentium 75+"
days - while many boards use "bootblock" chips, it's (almost?) always
unprotected (at most it just requires setting some GPIO pin(s)). The
rest of flash obviously has to be R/W to support the ESCD etc.

I think there are systems with 2 copies of the whole BIOS, and the
user selects the copy with a jumper (probably connected directly to
the most significant address line of the flash IC) - the second
copy might theoretically use a R/O bootblock but I've never checked it.

Most VGAs, disks, PCI cards etc. have flash chips with no protection
either, and I have to say I felt much better when they used (EP)ROMs.

I think almost all hardware manufacturers use a blank flash chips,
programming them "in system" with things like JTAG.
-- 
Krzysztof Halasa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ