[OpenOCD-devel] [PATCH]: 2e6fee6 flash: nor: add an educational message regarding MCU locking security

gerrit Sun, 22 Mar 2020 09:51:09 -0700

This is an automated email from Gerrit.

Paul Fertser (fercer...@gmail.com) just uploaded a new patch set to Gerrit, 
which you can find at http://openocd.zylin.com/5535


-- gerrit

commit 2e6fee60c5958c5a12ff359d54e4be4e38e9e263
Author: Paul Fertser <fercer...@gmail.com>
Date:   Sun Mar 22 19:45:57 2020 +0300

    flash: nor: add an educational message regarding MCU locking security
    
    Change-Id: Ic0741487ae50f0c544baab4f4724d824c0343d26
    Signed-off-by: Paul Fertser <fercer...@gmail.com>

diff --git a/src/flash/nor/core.h b/src/flash/nor/core.h
index ff5cb60..5daec84 100644
--- a/src/flash/nor/core.h
+++ b/src/flash/nor/core.h
@@ -276,5 +276,7 @@ int get_flash_bank_by_addr(struct target *target, 
target_addr_t addr, bool check
  * @returns A struct flash_sector pointer or NULL when allocation failed.
  */
 struct flash_sector *alloc_block_array(uint32_t offset, uint32_t size, int 
num_blocks);
+/** Print a warning about potential insecurities of protections. */
+COMMAND_HELPER(flash_print_protection_warning, int dummy);
 
 #endif /* OPENOCD_FLASH_NOR_CORE_H */
diff --git a/src/flash/nor/em357.c b/src/flash/nor/em357.c
index 38fb731..1c8ff43 100644
--- a/src/flash/nor/em357.c
+++ b/src/flash/nor/em357.c
@@ -775,6 +775,8 @@ COMMAND_HANDLER(em357_handle_lock_command)
                return ERROR_TARGET_NOT_HALTED;
        }
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        if (em357_erase_options(bank) != ERROR_OK) {
                command_print(CMD, "em357 failed to erase options");
                return ERROR_OK;
diff --git a/src/flash/nor/kinetis.c b/src/flash/nor/kinetis.c
index 1d63352..1d80a06 100644
--- a/src/flash/nor/kinetis.c
+++ b/src/flash/nor/kinetis.c
@@ -3019,6 +3019,8 @@ COMMAND_HANDLER(kinetis_fcf_source_handler)
                        return ERROR_COMMAND_SYNTAX_ERROR;
        }
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        if (allow_fcf_writes) {
                command_print(CMD, "Arbitrary Flash Configuration Field writes 
enabled.");
                command_print(CMD, "Protection info writes to FCF disabled.");
diff --git a/src/flash/nor/stm32f1x.c b/src/flash/nor/stm32f1x.c
index 31cec86..e7d425a 100644
--- a/src/flash/nor/stm32f1x.c
+++ b/src/flash/nor/stm32f1x.c
@@ -1179,6 +1179,8 @@ COMMAND_HANDLER(stm32x_handle_lock_command)
        if (ERROR_OK != retval)
                return retval;
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        if (stm32x_erase_options(bank) != ERROR_OK) {
                command_print(CMD, "stm32x failed to erase options");
                return ERROR_OK;
diff --git a/src/flash/nor/stm32f2x.c b/src/flash/nor/stm32f2x.c
index c1283bb..41a5f0b 100644
--- a/src/flash/nor/stm32f2x.c
+++ b/src/flash/nor/stm32f2x.c
@@ -1451,6 +1451,8 @@ COMMAND_HANDLER(stm32x_handle_lock_command)
                /* return ERROR_TARGET_NOT_HALTED; */
        }
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        if (stm32x_read_options(bank) != ERROR_OK) {
                command_print(CMD, "%s failed to read options", 
bank->driver->name);
                return ERROR_OK;
diff --git a/src/flash/nor/stm32l4x.c b/src/flash/nor/stm32l4x.c
index c8055cd..93c4bf9 100644
--- a/src/flash/nor/stm32l4x.c
+++ b/src/flash/nor/stm32l4x.c
@@ -1093,6 +1093,8 @@ COMMAND_HANDLER(stm32l4_handle_lock_command)
                return ERROR_TARGET_NOT_HALTED;
        }
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        /* set readout protection level 1 by erasing the RDP option byte */
        if (stm32l4_write_option(bank, STM32_FLASH_OPTR, 0, 0x000000FF) != 
ERROR_OK) {
                command_print(CMD, "%s failed to lock device", 
bank->driver->name);
diff --git a/src/flash/nor/stm32lx.c b/src/flash/nor/stm32lx.c
index e6473f8..99b2b3c 100644
--- a/src/flash/nor/stm32lx.c
+++ b/src/flash/nor/stm32lx.c
@@ -342,6 +342,8 @@ COMMAND_HANDLER(stm32lx_handle_lock_command)
        if (ERROR_OK != retval)
                return retval;
 
+       CALL_COMMAND_HANDLER(flash_print_protection_warning, 0);
+
        retval = stm32lx_lock(bank);
 
        if (retval == ERROR_OK)
diff --git a/src/flash/nor/tcl.c b/src/flash/nor/tcl.c
index bd313a0..3dc04f1 100644
--- a/src/flash/nor/tcl.c
+++ b/src/flash/nor/tcl.c
@@ -1223,6 +1223,13 @@ COMMAND_HANDLER(handle_flash_init_command)
        return flash_init_drivers(CMD_CTX);
 }
 
+COMMAND_HELPER(flash_print_protection_warning, int dummy)
+{
+       command_print(CMD, "Enabling protection. Please regularly check the CVE 
database"
+                       " and other sources if you count on the security of 
this feature.");
+       return ERROR_OK;
+}
+
 static const struct command_registration flash_config_command_handlers[] = {
        {
                .name = "bank",

-- 


_______________________________________________
OpenOCD-devel mailing list
OpenOCD-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openocd-devel

[OpenOCD-devel] [PATCH]: 2e6fee6 flash: nor: add an educational message regarding MCU locking security

Reply via email to