From xypron.glpk at gmx.de Sun Mar 29 22:19:29 2020 From: xypron.glpk at gmx.de (Heinrich Schuchardt) Date: Sun, 29 Mar 2020 22:19:29 +0200 Subject: eMMC: power on protection of boot areas Message-ID: <81370a3e-440c-7475-1648-e14c88fc3643@gmx.de> Currently U-Boot does not protect the boot areas of eMMC devices. This may lead to an unsolicited replacement of the boot loader. In https://gitlab.denx.de/u-boot/custodians/u-boot-efi/-/tree/mmc I have added a command 'mmc wp' to enable power on boot protection for the boot areas and enhanced command 'mmc info' to display the protection. I am still contemplating what should be protected on an eMMC device: There is a permanent write protection for boot areas. If this property is set updates are no longer possible. This capability can be permanently disabled (flag B_PERM_WP_DIS in BOOT_WP register of extended CSD [1]). The same exists for the user area. eMMCs can be password protected. This protection might be used as a denial of service vector. The password protection feature can be permanently disabled (flag PERM_PSWD_DIS in USER_WP register of extended CSD). Protecting the boot areas via command 'mmc wp' requires a boot script for automatic execution. Should we enable power on boot area protection inside the boot commands whenever they are called (as a customizable feature)? [1] Embedded Multi-Media Card (e?MMC) Electrical Standard (5.1) JESD84-B51, 2015 Best regards Heinrich From trini at konsulko.com Tue Mar 31 01:31:00 2020 From: trini at konsulko.com (Tom Rini) Date: Mon, 30 Mar 2020 19:31:00 -0400 Subject: [ANN] U-Boot v2020.04-rc4 released Message-ID: <20200330233100.GS27133@bill-the-cat> Hey all, So, I've gotten out of the habit of tagging rcs on cycle. This month I have been taking in changes sparingly and I'm not concerned that things have gone in that wouldn't have, if I had tagged -rc4/rc5 on schedule. Things have been going to the -next branch as expected, and I think that will work out when things open up for v2020.07 So here now is -rc4 and I plan to make the final release on April 6th, as scheduled. Thanks all and stay safe out there! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: not available URL: