lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8797addc6c063b867b94cce352191aab@walle.cc>
Date:   Tue, 07 Feb 2023 15:11:26 +0100
From:   Michael Walle <michael@...le.cc>
To:     Mika Westerberg <mika.westerberg@...ux.intel.com>
Cc:     mauro.lima@...ypsium.com, broonie@...nel.org,
        linux-kernel@...r.kernel.org, linux-spi@...r.kernel.org
Subject: Re: [PATCH 1/1] spi: intel: Remove DANGEROUS tag from pci driver

Hi Mika,

Am 2023-02-07 15:03, schrieb Mika Westerberg:
> On Tue, Feb 07, 2023 at 02:52:54PM +0100, Michael Walle wrote:
>> > Modern CPUs exposes this controller as PCI device that only uses
>> > hardware sequencing capabilities which is safer than software
>> > sequencing.
>> > Leave the platform driver as *DANGEROUS* and update help text since
>> > most of these controllers are using software sequencing.
>> 
>> Out of curiosity, what is hardware sequencing? Maybe this should
>> be explained a bit more in the Kconfig help text. Looks like the
>> dangerous was there because you can update the bios and that
>> could eventually lead to a bricked mainboard. So hardware
>> sequencing helps there? how?
> 
> Hardware sequencing means the controller exposes just a bunch of "high
> level" operations to the software.

Ok, I figured it would have been something to do with the SPI driver
just supporting these high level ops. But even with that background
it was hard to connect that to the "hardware sequencing". The help
text should be somewhat understandable to the user/distro 
people/whoever,
right? So I'd suggest to explain that a bit more in detail, or don't
use the term hardware sequencing at all. I'm not sure.

> Such as read, write, erase and so on
> but does not allow running the actual "low level" SPI-NOR opcodes.
> Software sequencing on the other hand allows running pretty much any
> opcode and this is what caused problems for certain Lenovo laptops few
> years back that then resulted adding DANGEROUS to the Kconfig.

That information should go into the commit message.

> Typically the flash is locked by the BIOS so ordinary users cannot
> really overwrite it, even by accident.

I see, thanks for the explanation!

-michael

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ