From: Michael Lawnick <ml.lawnick@gmx.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>,
The development of GNU GRUB <grub-devel@gnu.org>
Cc: Paul Menzel <pmenzel@molgen.mpg.de>
Subject: Re: [PATCH v2 1/2] efi: SPI NOR flash support
Date: Thu, 11 Feb 2021 13:50:31 +0100 [thread overview]
Message-ID: <60272707-3e9c-2f7c-ceed-3ce1337f65b2@gmx.de> (raw)
In-Reply-To: <f121d27b-7ad0-bde2-11f8-25f7e2099dd5@gmx.de>
Am 11.02.2021 um 09:51 schrieb Heinrich Schuchardt:
> On 11.02.21 08:36, Michael Lawnick wrote:
>>
>> Hi,
>>
>> seven days of silence. In the end no interest for extending EFI support?
>>
>> KR
>> Michael
>>
>> Am 05.02.2021 um 09:58 schrieb Michael Lawnick:
>>> Add EFI SPI NOR driver
>>>
>>> Use UEFI interface for accessing SPI NOR flashes.
>>> If supported the implementation of UEFI boot software abstracts
>>> away all those ugly H/W details like SPI controller or protocol.
>>> Provided functions:
>>> grub_efi_spi_nor_
>>> init
>>> erase
>>> write
>>> read
>>> flash_size
>>> flash_id
>>> erase_block_size
>>>
>>> This driver might be used for further abstraction to a common
>>> (SPI) flash interface.
>>>
>
> A commit message should describe what the patch is good for.
>
> What is the use case for GRUB accessing SPI?
Many industrial systems use SPI flash as primary boot source. And most
times there are changeable parameters to be stored.
>
> In your second patch you introduce a command to write and erase the SPI
> flash. Hopefully the firmware has disabled writes.
>
> GRUB writing to SPI would mean that a user program could introduce
> malware into the firmware by adding said command to grub.cfg.
>
> This would be a gross security issue. Hopefully the firmware has locked
> the SPI flash before entering GRUB.
>
> SPI flash updates should be effected via signed UEFI update capsules and
> not via GRUB.
Hi,
write protection is system architecture issue. If sensitive sections
aren't protected S/W support for access won't change that. Latest in O/S
state the devices can be accessed.
On (many/some) x86 SoC I know it is BIOS which configures read/write
protection, on my current ARM based system it is a combination of
security level for complete boot device and H/W protection pin for
unchangeable section in data device.
In our company's area we do have H/W protection enabled on root of trust
part and verification on module chain.
Several boot parameters are stored in our SPI flash to configure the
systems for different use cases.
I have the impression that your view is coming from x86/desktop
direction. I am coming from embedded systems.
KR
Michael
next prev parent reply other threads:[~2021-02-11 12:50 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-05 8:58 [PATCH v2 1/2] efi: SPI NOR flash support Michael Lawnick
2021-02-05 9:02 ` [PATCH v2 2/2] efi: SPI NOR flash command line Michael Lawnick
2021-02-12 9:20 ` Michael Lawnick
2021-02-16 13:28 ` Paul Menzel
2021-02-11 7:36 ` [PATCH v2 1/2] efi: SPI NOR flash support Michael Lawnick
2021-02-11 7:36 ` Paul Menzel
2021-02-11 8:51 ` Heinrich Schuchardt
2021-02-11 12:50 ` Michael Lawnick [this message]
2021-02-11 14:04 ` Heinrich Schuchardt
2021-02-11 16:01 ` Michael Lawnick
2021-02-11 17:16 ` Heinrich Schuchardt
2021-02-12 9:17 ` Michael Lawnick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=60272707-3e9c-2f7c-ceed-3ce1337f65b2@gmx.de \
--to=ml.lawnick@gmx.de \
--cc=grub-devel@gnu.org \
--cc=pmenzel@molgen.mpg.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.