| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y+JaKF4FZQKqeGs7@black.fi.intel.com>
Date: Tue, 7 Feb 2023 16:03:20 +0200
From: Mika Westerberg <mika.westerberg@...ux.intel.com>
To: Michael Walle <michael@...le.cc>
Cc: mauro.lima@...ypsium.com, broonie@...nel.org,
linux-kernel@...r.kernel.org, linux-spi@...r.kernel.org
Subject: Re: [PATCH 1/1] spi: intel: Remove DANGEROUS tag from pci driver
Hi,
On Tue, Feb 07, 2023 at 02:52:54PM +0100, Michael Walle wrote:
> > Modern CPUs exposes this controller as PCI device that only uses
> > hardware sequencing capabilities which is safer than software
> > sequencing.
> > Leave the platform driver as *DANGEROUS* and update help text since
> > most of these controllers are using software sequencing.
>
> Out of curiosity, what is hardware sequencing? Maybe this should
> be explained a bit more in the Kconfig help text. Looks like the
> dangerous was there because you can update the bios and that
> could eventually lead to a bricked mainboard. So hardware
> sequencing helps there? how?
Hardware sequencing means the controller exposes just a bunch of "high
level" operations to the software. Such as read, write, erase and so on
but does not allow running the actual "low level" SPI-NOR opcodes.
Software sequencing on the other hand allows running pretty much any
opcode and this is what caused problems for certain Lenovo laptops few
years back that then resulted adding DANGEROUS to the Kconfig.
Typically the flash is locked by the BIOS so ordinary users cannot
really overwrite it, even by accident.
Powered by blists - more mailing lists