lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZjNm3OnJ1fdHctaZ@hovoldconsulting.com>
Date: Thu, 2 May 2024 12:11:40 +0200
From: Johan Hovold <johan@...nel.org>
To: Janaki Ramaiah Thota <quic_janathot@...cinc.com>
Cc: Luiz Augusto von Dentz <luiz.dentz@...il.com>,
	Doug Anderson <dianders@...omium.org>,
	Johan Hovold <johan+linaro@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, quic_mohamull@...cinc.com,
	quic_hbandi@...cinc.com, quic_anubhavg@...cinc.com
Subject: Re: [PATCH] Bluetooth: qca: generalise device address check

On Thu, May 02, 2024 at 12:35:19PM +0530, Janaki Ramaiah Thota wrote:
> On 4/30/2024 6:37 PM, Johan Hovold wrote:

> > But here we disagree. A non-unique address is not a valid one as it will
> > cause collisions if you have more than one such controller.
> > 
> > I understand that this may be convenient/good enough for developers in
> > some cases, but this can hurt end users that do not realise why things
> > break.
> > 
> > And a developer can always configure an address manually or patch the
> > driver as needed for internal use.
> > 
> > Are there any other reasons that makes you want to keep the option to
> > configure the device address through NVM files? I'm assuming you're not
> > relying on patching NVM files to provision device-specific addresses
> > after installation on target?

> We prefer unique address to be flashed on OTP (persistent) memory of
> BT-Chip, which is supported by almost all QC BT-chips.

Yes, that is certainly the best option for everyone.

> If someone is not able to do that/ does not prefer that, they still
> have an option to flash unique address in firmware binary (NVM)file.
> This does not require setting BD address from user space.
> 
> Also until a developer flashes OTP/ keep unique BD-Address in NVM,
> he should be able to run most of the use cases from Device, that's
> why we want to make it as configured.

Ok, but a developer can still do this since they can patch the driver to
disable the check temporarily or, alternatively, just update the
devicetree with a valid unique address.

> In our opinion this provides best Out of box experience.

You can also look into improving support in user space (e.g. bluez) for
providing a valid unique address in a simple text-based configuration
file.

That would be useful for all Linux users and not require having access
to Qualcomm specific tools to update the NVM configuration file (which
could also be in a read-only file system, e.g. on Android).

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ