[PATCH] usb: gadget: sdp: Option to enable SDP read register command

Marek Vasut marex at denx.de
Fri Sep 1 12:32:21 CEST 2023


On 9/1/23 12:03, Loic Poulain wrote:
> Hi Marek,
> 
> On Mon, 14 Aug 2023 at 01:53, Marek Vasut <marex at denx.de> wrote:
>>
>> On 8/13/23 10:39, Loic Poulain wrote:
>>> The SDP read register command can be used to read any memory
>>> mapped address of the device (ddr, registers...). It can then
>>> be exploited by an attacker to access sensitive data/values,
>>> especially when running SDP from SPL, as SPL runs with highest
>>> privileges in ARM secure mode.
>>>
>>> Without read, SDP is still useful to bootstrap and jump to a (signed)
>>> blob such as u-boot with write and jump commands, but reading
>>> is optional in that case (debug purpose).
>>>
>>> NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable
>>> SDP read command in their ROM SDP implementation, so it seems quite
>>> reasonable to make it optional from u-boot/spl as well.
>>
>> If there is a fuse, why not read the fuse and disable READ based on that
>> fuse instead?
> 
> Well, the fuse is more of a way to tune a specific ROM code here, not the software.

The way I read the commit message, when the fuse is set, the READ
functionality should be disabled, to avoid any READs, right?

> It would be more generic to make it a build config like other features, and one
> may purposely force SDP READ in SPL, even if disabled at ROM level. That
> said we could also introduce a weak board_sdp_read_allowed() function...
> 
> Let me know what you prefer.

I think the weak default function would be a good approach.

[...]
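A sketch of the weak-hook approach discussed above, added here as an example; it is not code from the patch or from U-Boot. The signature of board_sdp_read_allowed(), the demo_* names, the command ids and the simulated fuse and memory are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed command ids for this sketch; not the SDP wire values. */
enum demo_cmd { DEMO_CMD_READ = 1, DEMO_CMD_WRITE = 2, DEMO_CMD_JUMP = 3 };

/* Simulated fuse word; bit 0 stands in for the SDP_READ_DISABLE fuse. */
static uint32_t demo_fuse_word;
#define DEMO_FUSE_READ_DISABLE 0x1u

/* Simulated device memory that a READ command would expose. */
static const uint8_t demo_mem[8] = { 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4 };

/*
 * Weak policy hook named in the thread (signature assumed). A board file
 * can supply a strong definition; this default follows the simulated fuse
 * so that both outcomes can be exercised in one file.
 */
__attribute__((weak)) bool board_sdp_read_allowed(void)
{
	return !(demo_fuse_word & DEMO_FUSE_READ_DISABLE);
}

/* Returns bytes copied to out, 0 for an accepted write/jump, -1 if refused. */
int demo_sdp_handle(enum demo_cmd cmd, uint32_t off, uint32_t len,
		    uint8_t *out, size_t out_sz)
{
	switch (cmd) {
	case DEMO_CMD_READ:
		if (!board_sdp_read_allowed())
			return -1;	/* refuse before touching memory */
		if (off > sizeof(demo_mem) || len > sizeof(demo_mem) - off ||
		    len > out_sz)
			return -1;	/* bounds check on the simulated region */
		memcpy(out, demo_mem + off, len);
		return (int)len;
	case DEMO_CMD_WRITE:
	case DEMO_CMD_JUMP:
		return 0;	/* bootstrap path does not depend on the hook */
	default:
		return -1;
	}
}

/* Test helper: program or clear the simulated fuse bit. */
void demo_set_read_disable(bool blown)
{
	demo_fuse_word = blown ? DEMO_FUSE_READ_DISABLE : 0;
}
```

The hook is checked before any address handling, so a refused read never dereferences the requested range, while write and jump stay usable for bootstrapping a signed image.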

