Hi Marek,

On Mon, 14 Aug 2023 at 01:53, Marek Vasut <ma...@denx.de> wrote:
>
> On 8/13/23 10:39, Loic Poulain wrote:
> > The SDP read register command can be used to read any memory
> > mapped address of the device (ddr, registers...). It can then
> > be exploited by an attacker to access sensitive data/values,
> > especially when running SDP from SPL, as SPL runs with the highest
> > privileges in ARM secure mode.
> >
> > Without read, SDP is still useful to bootstrap and jump to a (signed)
> > blob such as u-boot with the write and jump commands, but reading
> > is optional in that case (for debug purposes).
> >
> > NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable
> > the SDP read command in their ROM SDP implementation, so it seems quite
> > reasonable to make it optional from u-boot/spl as well.
>
> If there is a fuse, why not read the fuse and disable READ based on that
> fuse instead ?
Well, the fuse is more a way to tune a specific ROM code here, not the software. It would be more generic to make it a build config like other features, and one may purposely force SDP READ in SPL, even if it is disabled at ROM level.

That said, we could also introduce a weak board_sdp_read_allowed() function... Let me know what you prefer.

Regards,
Loic
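As an added illustration (not code from the thread or from U-Boot) of the weak-hook idea Loic floats above, the sketch below gates an SDP READ_REGISTER handler behind a weak `board_sdp_read_allowed()` that a board file can override with a strong definition, while WRITE_FILE and JUMP_ADDRESS stay available for bootstrapping a signed blob. The command numbers, the default deny policy, the handler signatures and the sample memory region are all assumptions made for the example.

```c
/* Added example, not U-Boot code: gate the SDP READ_REGISTER command behind
 * a weak board hook. Everything below (opcode values, default policy, the
 * dispatcher API, the sample region) is constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative SDP command identifiers (assumed values for this example). */
enum sdp_cmd {
    SDP_CMD_READ_REGISTER = 0x0101,
    SDP_CMD_WRITE_FILE    = 0x0404,
    SDP_CMD_JUMP_ADDRESS  = 0x0B0B,
};

enum sdp_status {
    SDP_OK          =  0,
    SDP_ERR_DENIED  = -1,   /* read command refused by board policy */
    SDP_ERR_UNKNOWN = -2,   /* unrecognised command */
};

/* Weak default: reads are denied unless a board file supplies a strong
 * board_sdp_read_allowed() returning non-zero (assumed policy). A board
 * that wants to force SDP READ in SPL even with the ROM fuse blown would
 * simply override this hook. */
__attribute__((weak)) int board_sdp_read_allowed(void)
{
    return 0;
}

/* Core dispatcher. The read decision is passed in explicitly so the policy
 * can be exercised independently of the weak symbol. */
int sdp_dispatch(int read_allowed, uint16_t cmd, uintptr_t addr,
                 void *buf, size_t len)
{
    switch (cmd) {
    case SDP_CMD_READ_REGISTER:
        if (!read_allowed)
            return SDP_ERR_DENIED;         /* never touch memory when denied */
        memcpy(buf, (const void *)addr, len);
        return SDP_OK;
    case SDP_CMD_WRITE_FILE:
    case SDP_CMD_JUMP_ADDRESS:
        /* Write and jump remain available; a real handler would load and
         * authenticate the blob here. */
        return SDP_OK;
    default:
        return SDP_ERR_UNKNOWN;
    }
}

/* Entry point a USB SDP loop would call: consults the weak board hook. */
int sdp_handle_command(uint16_t cmd, uintptr_t addr, void *buf, size_t len)
{
    return sdp_dispatch(board_sdp_read_allowed(), cmd, addr, buf, len);
}

/* Constructed sample memory standing in for a register or DDR location. */
static const uint8_t sample_region[4] = { 0xA5, 0x5A, 0x01, 0x02 };

/* Attempt a one-byte read of sample_region under the given policy.
 * Returns the byte read, or the negative status when the read is refused. */
int sdp_example_read_byte(int read_allowed)
{
    uint8_t out = 0;
    int rc = sdp_dispatch(read_allowed, SDP_CMD_READ_REGISTER,
                          (uintptr_t)sample_region, &out, 1);
    return rc < 0 ? rc : out;
}

int main(void)
{
    printf("read with policy denied : %d\n", sdp_example_read_byte(0));
    printf("read with policy allowed: 0x%02x\n", sdp_example_read_byte(1));
    printf("read via weak default   : %d\n",
           sdp_handle_command(SDP_CMD_READ_REGISTER,
                              (uintptr_t)sample_region, NULL, 0));
    return 0;
}
```

The denied branch returns before any memory access, so a disallowed READ_REGISTER cannot leak even a single byte; a Kconfig switch, as Loic's patch proposes, would simply compile the READ case out instead of consulting a hook at run time.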