lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <871pm3iegf.fsf@bootlin.com>
Date: Wed, 12 Nov 2025 14:10:40 +0100
From: Miquel Raynal <miquel.raynal@...tlin.com>
To: Sean Anderson <sean.anderson@...ux.dev>
Cc: Tudor Ambarus <tudor.ambarus@...aro.org>,  Pratyush Yadav
 <pratyush@...nel.org>,  Michael Walle <mwalle@...nel.org>,
  linux-mtd@...ts.infradead.org,  Richard Weinberger <richard@....at>,
  linux-kernel@...r.kernel.org,  Vignesh Raghavendra <vigneshr@...com>
Subject: Re: [PATCH] mtd: spi-nor: Enable locking for n25q00a

Hello Sean,

> # flash_lock -u /dev/mtd/by-name/spi0.1
> # flash_lock -i /dev/mtd/by-name/spi0.1
> Device: /dev/mtd/by-name/spi0.1
> Start: 0
> Len: 0x8000000
> Lock status: unlocked
> Return code: 0
> # test() {
>> mtd=/dev/mtd/by-name/$1
>> start=$(($2 * 64 * 1024))
>> size=$(($3 * 64 * 1024))
>> dd if=/dev/urandom of=$1 bs=64k count=$3 status=none && \
>> mtd_debug erase $mtd $start $size && \
>> mtd_debug write $mtd $start $size $1 && \
>> dd if=$mtd bs=64k skip=$2 count=$3 status=none | sha256sum $1 - && \
>> rm $1
>> }

I am also working on locking these days, have you already started
writing extra SPI NOR Documentation/process based on this thread?

I am also trying to clarify what is expected and what the API somehow
does, as it was not fully clear for me at first sight.

[...]

> # flash_lock -u /dev/mtd/by-name/spi0.1
> # test spi0.1 64
> 83a8dc6125ec9672d18f7f18f92e16f867354dbe8e2f3b0aca52b9d0ad7d8ffe  spi0.1
> 83a8dc6125ec9672d18f7f18f92e16f867354dbe8e2f3b0aca52b9d0ad7d8ffe  -
> # flash_lock -l /dev/mtd/by-name/spi0.1 $((1024 * 64 * 1024)) 1024
> # flash_lock -i /dev/mtd/by-name/spi0.1 
> Device: /dev/mtd/by-name/spi0.1
> Start: 0
> Len: 0x8000000
> Lock status: unlocked <<<< Wrong!

This isn't wrong, even though at a first glance the output is
misleading. The API apparently does not gives you all the
locked/unlocked sectors, it is way more basic than that: it tells you
whether the full range you asked for is indeed locked.

When you run "# flash_lock -i /dev/mtd/by-name/spi0.1", you privide no
start/length values to the command. Hence, the defaults are picked: the
entire device is considered for the check. The tool asks the kernel
whether the range 0-0x7ffffff is *fully* locked. Answer is no, it is not
fully locked.

In the kernel there are two helpers for that, and they won't give you
opposite results all the time:
- is locked:
    - returns true if the given range is fully locked
    - returns false otherwise
- is unlocked:
    - returns yes if the given range is fully unlocked
    - returns false otherwise

So if you want the tool to tell you "yes", you should instead use the
exact range you locked (1024-2047) or any subset of it.

Thanks, Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ