lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zip9vMHa2x-uW-pf@hovoldconsulting.com>
Date: Thu, 25 Apr 2024 17:58:52 +0200
From: Johan Hovold <johan@...nel.org>
To: Janaki Ramaiah Thota <quic_janathot@...cinc.com>
Cc: Doug Anderson <dianders@...omium.org>,
	Johan Hovold <johan+linaro@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	Luiz Augusto von Dentz <luiz.dentz@...il.com>,
	Matthias Kaehlcke <mka@...omium.org>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Stephen Boyd <swboyd@...omium.org>
Subject: Re: [PATCH] Bluetooth: qca: fix invalid device address check

Hi Janaki,

On Thu, Apr 25, 2024 at 08:31:50PM +0530, Janaki Ramaiah Thota wrote:

> Apologies for the delay. As of now, we have observed the following
> values in the upstream firmware files for default BD addresses.
> We will confirm ASAP if there are any changes.
> 
> ---------------------------------------------------------
> |   BDA	             |      Chipset		        |
> ---------------------------------------------------------	
> | 20 00 00 10 80 39  |	WCN3988 with ROM Version 0x0200	|
> ---------------------------------------------------------	
> | 00 08 74 12 80 39  |  WCN3988 with ROM Version 0x0201	|
> ---------------------------------------------------------	
> | 00 07 64 21 90 39  |  WCN3990			        |
> ---------------------------------------------------------

Thanks a lot for these. I see now that the default Trogdor address Doug
reported (39:98:00:00:5a:ad) appears to comes from the fw too:

	$ od -x crnv32.bin | grep 5aad

	0000020 0000 0000 5aad 0000 3998 0008 0008 0000

which means that patch I sent this morning should be all that is needed
for those machines at least.

Can you please confirm that all the WCN39xx have OTP storage for an
address that an OEM can choose to use?

If that's not the case then we could simplify things by always marking
their addresses as invalid, but I assume that they all have address
storage.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ