eMMC: power on protection of boot areas
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Mar 29 22:19:29 CEST 2020
Currently U-Boot does not protect the boot areas of eMMC devices. This
may lead to an unsolicited replacement of the boot loader.
In https://gitlab.denx.de/u-boot/custodians/u-boot-efi/-/tree/mmc I have
added a command 'mmc wp' to enable power on boot protection for the boot
areas and enhanced command 'mmc info' to display the protection.
I am still contemplating what should be protected on an eMMC device:
There is a permanent write protection for boot areas. If this property
is set updates are no longer possible. This capability can be
permanently disabled (flag B_PERM_WP_DIS in BOOT_WP register of
extended CSD [1]). The same exists for the user area.
eMMCs can be password protected. This protection might be used as a
denial of service vector. The password protection feature can be
permanently disabled (flag PERM_PSWD_DIS in USER_WP register of extended
CSD).
Protecting the boot areas via command 'mmc wp' requires a boot script
for automatic execution. Should we enable power on boot area protection
inside the boot commands whenever they are called (as a customizable
feature)?
[1] Embedded Multi-Media Card (e•MMC) Electrical Standard (5.1)
JESD84-B51, 2015
Best regards
Heinrich
More information about the U-Boot
mailing list