On Tue, Aug 18, 2020 at 12:55:59PM -0300, Daniel Gutson wrote: > > If you care about other (malicious) code writing to the driver, please > > explain > > what the specific attack scenario is that you are worried about, and > > why you think > > this is not sufficient. What code would be able to write to the device > > if not the > > device driver itself? > > Maybe Mika can answer this better, but what I'm trying to do is to > limit the possibility of > damage, as explained in the Kconfig: > "Intel PCH/PCU SPI flash PCI driver (DANGEROUS)" > "Say N here unless you know what you are doing. Overwriting the > SPI flash may render the system unbootable."
Right, the PCI part of the driver unconditionally (and wrongly) tried to set the chip writeable. What this whole thing tries to protect is that the user does not accidentally write to the flash chip. It contains BIOS and other important firmware so touching it (if it is not locked in the BIOS side) may potentially brick the system. That's why we also require that command line parameter so the user who knows what he or she is doing can enable it for writing. Actually thinking about this bit more, to make PCI and the platform parts consistent we can make the "writeable" control this for the PCI part as well. So what if we add a callback to struct intel_spi_boardinfo that the PCI driver populates and then the "core" driver uses to enable writing when "writeable" is set to 1.
