[PATCH] tools: k3_gen_x509_cert: Allow selecting early JTAG debug value

Lokesh Vutla lokeshvutla at ti.com
Fri Apr 24 07:10:46 CEST 2020 


On 23/04/20 6:12 PM, Andrew F. Davis wrote:
> On 4/23/20 2:38 AM, Lokesh Vutla wrote:
>>
>>
>> On 22/04/20 10:39 PM, Andrew F. Davis wrote:
>>> When authenticating the initial boot binary the ROM will check a debug
>>> type value in the certificate and based on that open JTAG access to that
>>> core.
>>>
>>> The default is currently full access, on HS this is useful for early
>>> developers, but should not be the default as to prevent end system
>>> integrators from unintentionally leaving this open.
>>
>> Won't JTAG access is useful for early developers. UART as well not available at
>> this point. What we offer out of the box is not a production ready secure
>> system.  I would prefer to have it enabled by default.
>>
> 
> 
> Who are these early developers? Pre-SYSFW on HS is a harsh environment,
> firewalls and other pitfalls limit one to only what is needed to get
> SYSFW loaded. Only a handful of folks will ever touch the source this
> early, and they will be using a GP device for that development, in which
> case debug is enabled, even with this change.
> 
> I'd guess I'm the only developer touching code this early on HS, I say

For how long you are guaranteeing that? This cannot be an assumption for making
default options.

> this as so far I'm the only one who has noticed that there is a ROM
> issue that makes early debug on HS almost unusable.
> 
> Accidentally leaving this open completely defeats the chain of trust, I
> guarantee some production system will do this if we leave JTAG open by
> default, it happens all the time.

Did you audit all other default options?

> 
> So debug doesn't work here anyway, no one uses it and those who do can
> flip this bit with the command line flag, and leaving it on will lead to
> a huge security issue for one of our customers.

Then please split this change into two patches.
1- adding a command line option.
2- changing the default options with reasons clearly mentioned in the commit
description.


Thanks and regards,
Lokesh

More information about the U-Boot mailing list