| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160129192341.GD19540@google.com> Date: Fri, 29 Jan 2016 11:23:41 -0800 From: Brian Norris <computersforpeace@...il.com> To: Ezequiel Garcia <ezequiel@...guardiasur.com.ar> Cc: "linux-mtd@...ts.infradead.org" <linux-mtd@...ts.infradead.org>, Rafał Miłecki <zajec5@...il.com>, Boris Brezillon <boris.brezillon@...e-electrons.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Bayi Cheng <bayi.cheng@...iatek.com>, Marek Vasut <marex@...x.de>, Daniel Kurtz <djkurtz@...omium.org> Subject: Re: [PATCH 4/8] mtd: spi-nor: disallow further writes to SR if WP# is low On Fri, Jan 29, 2016 at 10:22:34AM -0300, Ezequiel Garcia wrote: > On 28 January 2016 at 16:48, Brian Norris <computersforpeace@...il.com> wrote: > > On Thu, Jan 28, 2016 at 04:24:50PM -0300, Ezequiel Garcia wrote: > >> How about this: > >> > >> 1) ioctl(MEMLOCK) the entire flash (SR_SRWD is set) > >> 2) ioctl(MEMUNLOCK) partially (SW_SRWD keeps set) > >> 3) ioctl(MEMLOCK) the entire flash again ... > >> but would (3) be allowed given > >> SW_SRWD is set? > > > > Yes, if /WP=1 (high). > > > > Right. So, after giving some more thought do this, I'd say it might > make sense to clear SRWD only when unlocking the entire flash. If > anything else, it would allow a path to disable hardware protection on > the lock range? Yes, that sounds fine to me, as it does allow removal of the HW protection. So one could, for example, do: 0. bring /WP=1 (high) 1. unlock the whole flash 2. bring /WP=0 (low) -- flash is still unlocked 3. allow a one-time relocking of the flash via MEMLOCK 4. no more locking changes I'll send out v2. Brian
Powered by blists - more mailing lists