lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1414407519.26910.5.camel@linux-0dmf.site>
Date:	Mon, 27 Oct 2014 11:58:39 +0100
From:	Oliver Neukum <oneukum@...e.de>
To:	russ.dill@...il.com
Cc:	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
	greg@...ah.com
Subject: Re: [PATCH] usb: serial: Perform verification for FTDI FT232R
 devices

On Thu, 2014-10-23 at 01:52 -0700, russ.dill@...il.com wrote:
> From: Russ Dill <Russ.Dill@...il.com>
> 
> This patch provides the FTDI genuine product verification steps
> as contained within the new 2.12.00 official release. It ensures
> that counterfeiters don't exploit engineering investment made
> by FTDI. Counterfeit ICs are destroying innovation in the
> industry.
> 
> FTDI recommends that to guarantee genuine FTDI products
> please purchase either from FTDI directly or an authorised
> distributor.
> 
> This is definitely not targeting end users - if you're unsure if
> ICs are genuine then please don't use the drivers.

So you don't want this merged?
If you want to have it merged please explain the benefit.

> +static void ftdi_verify(struct usb_serial_port *port)
> +{
> +	struct ftdi_private *priv = usb_get_serial_port_data(port);
> +	u16 *eeprom_data;
> +	u16 checksum;
> +	int eeprom_size;
> +	int i;
> +
> +	switch (priv->chip_type) {
> +	case FT232RL:
> +		eeprom_size = 0x40;
> +		break;
> +	default:
> +		/* Unsupported for verification */
> +		return;
> +	}
> +
> +	/* Latency timer needs to be 0x77 to unlock EEPROM programming */
> +	if (priv->latency != 0x77) {
> +		int orig_latency = priv->latency;
> +		priv->latency = 0x77;
> +		write_latency_timer(port);
> +		priv->latency = orig_latency;
> +	}
> +
> +	eeprom_data = kzalloc(eeprom_size * 2, GFP_KERNEL);
> +	if (!eeprom_data)
> +		return;
> +
> +	/* Read in EEPROM */
> +	for (i = 0; i < eeprom_size; i++)
> +		if (read_eeprom(port, i, eeprom_data + i) < 0)
> +			goto end_verify;
> +
> +	/* Verify EEPROM is valid */
> +	checksum = ftdi_checksum(eeprom_data, eeprom_size);
> +	if (checksum != eeprom_data[eeprom_size - 1])
> +		goto end_verify;
> +
> +	/* Attempt to set Vendor ID to 0 */
> +	eeprom_data[1] = 0;
> +
> +	/* Calculate new checksum to avoid bricking devices */
> +	checksum = ftdi_checksum(eeprom_data, eeprom_size);
> +
> +	/* Verify EEPROM programming behavior/nonbehavior */
> +	write_eeprom(port, 1, 0);

In case of disconnect here, what have we just done to the device?

> +	write_eeprom(port, eeprom_size - 1, checksum);
> +
> +end_verify:
> +	kfree(eeprom_data);
> +}
> +

	Oliver


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ