This is an automated email from Gerrit. Paul Fertser (fercer...@gmail.com) just uploaded a new patch set to Gerrit, which you can find at http://openocd.zylin.com/5535
-- gerrit commit 2e6fee60c5958c5a12ff359d54e4be4e38e9e263 Author: Paul Fertser <fercer...@gmail.com> Date: Sun Mar 22 19:45:57 2020 +0300 flash: nor: add an educational message regarding MCU locking security Change-Id: Ic0741487ae50f0c544baab4f4724d824c0343d26 Signed-off-by: Paul Fertser <fercer...@gmail.com>
diff --git a/src/flash/nor/core.h b/src/flash/nor/core.h
index ff5cb60..5daec84 100644
--- a/src/flash/nor/core.h
+++ b/src/flash/nor/core.h
@@ -276,5 +276,7 @@ int get_flash_bank_by_addr(struct target *target, target_addr_t addr, bool check * @returns A struct flash_sector pointer or NULL when allocation failed. */ struct flash_sector *alloc_block_array(uint32_t offset, uint32_t size, int num_blocks); +/** Print a warning about potential insecurities of protections. */ +COMMAND_HELPER(flash_print_protection_warning, int dummy); #endif /* OPENOCD_FLASH_NOR_CORE_H */
diff --git a/src/flash/nor/em357.c b/src/flash/nor/em357.c
index 38fb731..1c8ff43 100644
--- a/src/flash/nor/em357.c
+++ b/src/flash/nor/em357.c
@@ -775,6 +775,8 @@ COMMAND_HANDLER(em357_handle_lock_command) return ERROR_TARGET_NOT_HALTED; } + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + if (em357_erase_options(bank) != ERROR_OK) { command_print(CMD, "em357 failed to erase options"); return ERROR_OK;
diff --git a/src/flash/nor/kinetis.c b/src/flash/nor/kinetis.c
index 1d63352..1d80a06 100644
--- a/src/flash/nor/kinetis.c
+++ b/src/flash/nor/kinetis.c
@@ -3019,6 +3019,8 @@ COMMAND_HANDLER(kinetis_fcf_source_handler) return ERROR_COMMAND_SYNTAX_ERROR; } + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + if (allow_fcf_writes) { command_print(CMD, "Arbitrary Flash Configuration Field writes enabled."); command_print(CMD, "Protection info writes to FCF disabled.");
diff --git a/src/flash/nor/stm32f1x.c b/src/flash/nor/stm32f1x.c
index 31cec86..e7d425a 100644
--- a/src/flash/nor/stm32f1x.c
+++ b/src/flash/nor/stm32f1x.c
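Review bot: The `int dummy` parameter in the core.h declaration is never read by the definition added in src/flash/nor/tcl.c, and every call site in this patch passes a literal `0`. If COMMAND_HELPER can declare a helper with no extra arguments, drop the parameter; otherwise give it a purpose, for example `COMMAND_HELPER(flash_print_protection_warning, const char *driver_name);`, so the message can name the driver whose protection the user is relying on. The doc comment should also say that the text is emitted through command_print() and that the helper always returns ERROR_OK.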
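Review bot: In em357_handle_lock_command the advisory is printed before `em357_erase_options(bank)` has run, so the user reads "Enabling protection." even when the very next message is "em357 failed to erase options" and the part is left unlocked. Calling the helper only once the lock sequence has succeeded, or rewording the text so it does not claim the action, avoids suggesting the device is protected when it is not. The same ordering is used in the stm32f1x, stm32f2x, stm32l4x and stm32lx lock handlers further down. The failure path visible in the context also returns `ERROR_OK`, which is not new in this commit but makes the printed text the only signal a caller gets. The handler body continues past the end of the hunk, so the success point is not visible here.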
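Review bot: In kinetis_fcf_source_handler the call sits ahead of the `if (allow_fcf_writes)` branch, so "Enabling protection." is printed immediately before "Protection info writes to FCF disabled." and contradicts the mode being selected. This handler appears to choose the FCF source rather than lock the part, and whether it is also reached for a plain query of the current setting cannot be seen from the hunk. Either drop the call here and issue the warning where the protection bits are actually written, or at least guard it, e.g. `if (!allow_fcf_writes) CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);`.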
@@ -1179,6 +1179,8 @@ COMMAND_HANDLER(stm32x_handle_lock_command) if (ERROR_OK != retval) return retval; + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + if (stm32x_erase_options(bank) != ERROR_OK) { command_print(CMD, "stm32x failed to erase options"); return ERROR_OK;
diff --git a/src/flash/nor/stm32f2x.c b/src/flash/nor/stm32f2x.c
index c1283bb..41a5f0b 100644
--- a/src/flash/nor/stm32f2x.c
+++ b/src/flash/nor/stm32f2x.c
@@ -1451,6 +1451,8 @@ COMMAND_HANDLER(stm32x_handle_lock_command) /* return ERROR_TARGET_NOT_HALTED; */ } + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + if (stm32x_read_options(bank) != ERROR_OK) { command_print(CMD, "%s failed to read options", bank->driver->name); return ERROR_OK;
diff --git a/src/flash/nor/stm32l4x.c b/src/flash/nor/stm32l4x.c
index c8055cd..93c4bf9 100644
--- a/src/flash/nor/stm32l4x.c
+++ b/src/flash/nor/stm32l4x.c
@@ -1093,6 +1093,8 @@ COMMAND_HANDLER(stm32l4_handle_lock_command) return ERROR_TARGET_NOT_HALTED; } + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + /* set readout protection level 1 by erasing the RDP option byte */ if (stm32l4_write_option(bank, STM32_FLASH_OPTR, 0, 0x000000FF) != ERROR_OK) { command_print(CMD, "%s failed to lock device", bank->driver->name);
diff --git a/src/flash/nor/stm32lx.c b/src/flash/nor/stm32lx.c
index e6473f8..99b2b3c 100644
--- a/src/flash/nor/stm32lx.c
+++ b/src/flash/nor/stm32lx.c
@@ -342,6 +342,8 @@ COMMAND_HANDLER(stm32lx_handle_lock_command) if (ERROR_OK != retval) return retval; + CALL_COMMAND_HANDLER(flash_print_protection_warning, 0); + retval = stm32lx_lock(bank); if (retval == ERROR_OK)
diff --git a/src/flash/nor/tcl.c b/src/flash/nor/tcl.c
index bd313a0..3dc04f1 100644
--- a/src/flash/nor/tcl.c
+++ b/src/flash/nor/tcl.c
@@ -1223,6 +1223,13 @@ COMMAND_HANDLER(handle_flash_init_command) return flash_init_drivers(CMD_CTX); } +COMMAND_HELPER(flash_print_protection_warning, int dummy) +{ + command_print(CMD, "Enabling protection. Please regularly check the CVE database" + " and other sources if you count on the security of this feature."); + return ERROR_OK; +} + static const struct command_registration flash_config_command_handlers[] = { { .name = "bank", -- _______________________________________________ OpenOCD-devel mailing list OpenOCD-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openocd-devel
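Review bot: The new helper sends the advisory through `command_print(CMD, ...)`, which as far as I can tell makes it part of the command's own output, so a provisioning script that captures the result of a lock command now gets the advisory mixed into it. A log call such as `LOG_WARNING("Relying on flash protection: check vendor advisories and the CVE database for known bypasses on this part.");` would keep the message visible to the operator at warning level without changing what the command returns. The wording would also be more useful if it said plainly that the lock may be bypassable on some devices and should not be the only control guarding secrets in flash, rather than only pointing at "other sources".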