On 9/1/23 12:03, Loic Poulain wrote:
> Hi Marek,
>
> On Mon, 14 Aug 2023 at 01:53, Marek Vasut <ma...@denx.de> wrote:
>
>> On 8/13/23 10:39, Loic Poulain wrote:
>>> The SDP read register command can be used to read any memory
>>> mapped address of the device (ddr, registers...). It can then
>>> be exploited by an attacker to access sensitive data/values,
>>> especially when running SDP from SPL, as SPL runs with the highest
>>> privileges in ARM secure mode.
>>>
>>> Without read, SDP is still useful to bootstrap and jump on a (signed)
>>> blob such as u-boot with the write and jump commands, but reading
>>> is optional in that case (debug purpose).
>>>
>>> NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable
>>> the SDP read command in their ROM SDP implementation, so it seems quite
>>> reasonable to make it optional from u-boot/spl as well.
>>
>> If there is a fuse, why not read the fuse and disable READ based on that
>> fuse instead?
>
> Well, the fuse is more a way to tune a specific ROM code here, not the software.

The way I read the commit message, when the fuse is set, the READ functionality should be disabled, to avoid any READs, right?

> It would be more generic to make it a build config like other features, and one
> may purposely force SDP READ in SPL, even if disabled at ROM level. That
> said, we could also introduce a weak board_sdp_read_allowed() function...
>
> Let me know what you prefer.

I think the weak default function would be a good approach.

[...]
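One way to implement the weak hook discussed in this thread, as an added example in C that is not U-Boot's own code: a weak `board_sdp_read_allowed()` whose default follows a build-time switch, and a command dispatcher that refuses READ_REGISTER when the policy says no while leaving the write-and-jump bootstrap path intact. The names `board_sdp_read_allowed`, `CONFIG_SPL_SDP_READ_ALLOWED` and `sdp_dispatch` are assumptions made for this example; the command codes are meant to follow the NXP SDP protocol but should be checked against the driver you actually use, and the memory image is constructed.

```c
/*
 * Added example, not U-Boot code. Demonstrates gating the SDP
 * READ_REGISTER command behind a weak board hook so that a board file
 * (or a fuse read) can override the build-time default.
 * Hypothetical names: board_sdp_read_allowed, CONFIG_SPL_SDP_READ_ALLOWED,
 * sdp_dispatch. Command codes are illustrative.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for U-Boot's __weak (GCC weak symbol). */
#define __weak __attribute__((weak))

/* Hypothetical build-time default; a real tree would set this in Kconfig. */
#ifndef CONFIG_SPL_SDP_READ_ALLOWED
#define CONFIG_SPL_SDP_READ_ALLOWED 0
#endif

/* SDP command codes (illustrative; verify against your SDP driver). */
#define SDP_READ_REGISTER  0x0101
#define SDP_WRITE_FILE     0x0404
#define SDP_JUMP_ADDRESS   0x0b0b

/* Constructed 64-byte image standing in for memory-mapped device space. */
static uint8_t device_mem[64] = "constructed secret material, not real device contents";

/*
 * Weak default policy. A board file may provide a strong definition, for
 * instance returning the inverse of the SoC's SDP_READ_DISABLE fuse, or
 * deliberately permitting reads in a debug build.
 */
__weak bool board_sdp_read_allowed(void)
{
	return CONFIG_SPL_SDP_READ_ALLOWED;
}

/* Handle one SDP command; returns 0 on success or a negative errno value. */
int sdp_dispatch(uint16_t cmd, uint32_t addr, uint32_t len, uint8_t *out)
{
	switch (cmd) {
	case SDP_READ_REGISTER:
		if (!board_sdp_read_allowed()) {
			/* A denied read is worth a console line: it is the detectable event. */
			printf("SDP: READ_REGISTER 0x%08x len %u denied by policy\n",
			       (unsigned)addr, (unsigned)len);
			return -EPERM;
		}
		/* Bounds check written to avoid addr + len wrapping around. */
		if (addr > sizeof(device_mem) || len > sizeof(device_mem) - addr)
			return -EINVAL;
		memcpy(out, device_mem + addr, len);
		return 0;
	case SDP_WRITE_FILE:
	case SDP_JUMP_ADDRESS:
		/* Bootstrap path stays available: write a (signed) blob and jump. */
		return 0;
	default:
		return -EINVAL;
	}
}

int main(void)
{
	uint8_t buf[16];
	int rc = sdp_dispatch(SDP_READ_REGISTER, 0, sizeof(buf), buf);
	printf("read -> %d, write -> %d\n", rc,
	       sdp_dispatch(SDP_WRITE_FILE, 0, 0, NULL));
	return 0;
}
```

With the default left at 0 the read path returns -EPERM and logs the attempt, while write and jump still succeed; a board that wants the fuse to decide would simply define a strong `board_sdp_read_allowed()` that reads the OCOTP bit, and a debug build could set the hypothetical config symbol to 1 instead.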
