eMMC: power on protection of boot areas

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Mar 29 22:19:29 CEST 2020

Currently U-Boot does not protect the boot areas of eMMC devices. This
may lead to an unsolicited replacement of the boot loader.

In https://gitlab.denx.de/u-boot/custodians/u-boot-efi/-/tree/mmc I have
added a command 'mmc wp' to enable power on boot protection for the boot
areas and enhanced command 'mmc info' to display the protection.

I am still contemplating what should be protected on an eMMC device:

There is a permanent write protection for boot areas. If this property
is set updates are no longer possible. This capability can be
permanently disabled (flag  B_PERM_WP_DIS in BOOT_WP register of
extended CSD [1]). The same exists for the user area.

eMMCs can be password protected. This protection might be used as a
denial of service vector. The password protection feature can be
permanently disabled (flag PERM_PSWD_DIS in USER_WP register of extended

Protecting the boot areas via command 'mmc wp' requires a boot script
for automatic execution. Should we enable power on boot area protection
inside the boot commands whenever they are called (as a customizable

[1] Embedded Multi-Media Card (e•MMC) Electrical Standard (5.1)
     JESD84-B51, 2015

Best regards


More information about the U-Boot-Custodians mailing list