[PATCH] usb: gadget: sdp: Option to enable SDP read register command
Marek Vasut
marex at denx.de
Sun Aug 13 22:01:09 CEST 2023
On 8/13/23 10:39, Loic Poulain wrote:
> The SDP read register command can be used to read any memory
> mapped address of the device (ddr, registers...). It can then
> be exploited by an attacker to access sensitive data/values,
> especially when running SDP from SPL, as SPL runs with highest
> privileges in ARM secure mode.
>
> Without read, SDP still useful to bootstrap and jump on (signed)
> blob such as u-boot with write and jump commands, but reading
> is optional in that case (debug purpose).
>
> NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable
> SDP read command in their ROM SDP implementation, so it seems quite
> reasonable to make it optional from u-boot/spl as well.
If there is a fuse, why not read the fuse and disable READ based on that
fuse instead ?
More information about the U-Boot
mailing list