Subject: Re: [PATCH v2 1/2] efi: SPI NOR flash support
To: The development of GNU GRUB
Cc: Paul Menzel, Michael Lawnick
References: <521ca300-6d1e-94ed-c87d-f4005a1f7870@gmx.de> <60272707-3e9c-2f7c-ceed-3ce1337f65b2@gmx.de>
From: Heinrich Schuchardt
Date: Thu, 11 Feb 2021 15:04:30 +0100
In-Reply-To: <60272707-3e9c-2f7c-ceed-3ce1337f65b2@gmx.de>

On 11.02.21 13:50, Michael Lawnick wrote:
> On 11.02.2021 at 09:51, Heinrich Schuchardt wrote:
>> On 11.02.21 08:36, Michael Lawnick wrote:
>>>
>>> Hi,
>>>
>>> seven days of silence. In the end, no interest in extending EFI support?
>>>
>>> KR
>>> Michael
>>>
>>> On 05.02.2021 at 09:58, Michael Lawnick wrote:
>>>> Add EFI SPI NOR driver
>>>>
>>>> Use UEFI interface for accessing SPI NOR flashes.
>>>> If supported, the implementation of UEFI boot software abstracts
>>>> away all those ugly H/W details like SPI controller or protocol.
>>>> Provided functions:
>>>> grub_efi_spi_nor_
>>>>      init
>>>>      erase
>>>>      write
>>>>      read
>>>>      flash_size
>>>>      flash_id
>>>>      erase_block_size
>>>>
>>>> This driver might be used for further abstraction to a common
>>>> (SPI) flash interface.
>>>>
>>
>> A commit message should describe what the patch is good for.
>>
>> What is the use case for GRUB accessing SPI?
>
> Many industrial systems use SPI flash as primary boot source. And most
> times there are changeable parameters to be stored.
>
>>
>> In your second patch you introduce a command to write and erase the SPI
>> flash. Hopefully the firmware has disabled writes.
>>
>> GRUB writing to SPI would mean that a user program could introduce
>> malware into the firmware by adding said command to grub.cfg.
>>
>> This would be a gross security issue. Hopefully the firmware has locked
>> the SPI flash before entering GRUB.
>>
>> SPI flash updates should be effected via signed UEFI update capsules and
>> not via GRUB.
>
> Hi,
>
> write protection is a system architecture issue. If sensitive sections
> aren't protected, S/W support for access won't change that. At the latest
> in O/S state, the devices can be accessed.
> On (many/some) x86 SoCs I know, it is the BIOS which configures read/write
> protection; on my current ARM based system it is a combination of
> security level for the complete boot device and a H/W protection pin for
> the unchangeable section in the data device.
> In our company's area we do have H/W protection enabled on the root of trust
> part and verification on the module chain.
> Several boot parameters are stored in our SPI flash to configure the
> systems for different use cases.

I still do not understand why you need access in GRUB. You can read and
write the SPI flash in U-Boot on your embedded system.

Maybe you could provide a short example script showing how the new
command would fit into the GRUB boot flow.

Best regards

Heinrich

>
> I have the impression that your view is coming from x86/desktop
> direction. I am coming from embedded systems.
>
> KR
> Michael
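The commit message quoted in this thread lists the driver's entry points (init, erase, write, read, flash_size, flash_id, erase_block_size), and the discussion turns on whether erase and write should be reachable from GRUB at all once the firmware has handed off. As an added example that is not part of this thread and not GRUB's code, the C below models such an interface against an in-memory NOR device: a hypothetical `write_protected` flag stands in for the lock that firmware or hardware would have set before handing off, and the erase and write paths refuse while it is set; NOR program semantics (bits can only be cleared, never set, without an erase) and block-aligned erase are modelled; every access is bounds-checked. All names, sizes and the flash id are constructed for the example.

```c
/* Added example (not GRUB's code): in-memory SPI NOR model behind an
 * init/erase/write/read/flash_size/flash_id/erase_block_size interface,
 * with a write-protect state enforced on the erase and write paths.
 * All names, sizes and the id are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NOR_FLASH_SIZE   4096u       /* constructed: 4 KiB device */
#define NOR_ERASE_BLOCK  1024u       /* constructed: 1 KiB erase blocks */
#define NOR_FLASH_ID     0x00ABCDEFu /* constructed placeholder id */

enum nor_status {
    NOR_OK = 0,
    NOR_ERR_LOCKED = -1, /* write protection active: erase/write refused */
    NOR_ERR_RANGE = -2,  /* offset/length outside the device */
    NOR_ERR_ALIGN = -3,  /* erase not on a whole, aligned block */
    NOR_ERR_ARG = -4     /* NULL device or buffer */
};

struct nor_dev {
    uint8_t mem[NOR_FLASH_SIZE];
    int write_protected; /* hypothetical: mirrors a lock set by firmware/hardware, not by this driver */
};

/* Erased NOR reads as all-ones. The lock state is an input to the model;
 * on real hardware it is read from the controller, never chosen here. */
int nor_init(struct nor_dev *d, int write_protected)
{
    if (!d) return NOR_ERR_ARG;
    memset(d->mem, 0xFF, sizeof d->mem);
    d->write_protected = write_protected;
    return NOR_OK;
}

size_t   nor_flash_size(const struct nor_dev *d)       { (void)d; return NOR_FLASH_SIZE; }
size_t   nor_erase_block_size(const struct nor_dev *d) { (void)d; return NOR_ERASE_BLOCK; }
uint32_t nor_flash_id(const struct nor_dev *d)         { (void)d; return NOR_FLASH_ID; }

/* Overflow-safe bounds check: off + len must stay inside the device. */
static int nor_range_ok(size_t off, size_t len)
{
    return off <= NOR_FLASH_SIZE && len <= NOR_FLASH_SIZE - off;
}

int nor_read(const struct nor_dev *d, size_t off, void *buf, size_t len)
{
    if (!d || !buf) return NOR_ERR_ARG;
    if (!nor_range_ok(off, len)) return NOR_ERR_RANGE;
    memcpy(buf, d->mem + off, len);
    return NOR_OK;
}

/* Erase is block-granular: only aligned, whole blocks are valid. */
int nor_erase(struct nor_dev *d, size_t off, size_t len)
{
    if (!d) return NOR_ERR_ARG;
    if (d->write_protected) return NOR_ERR_LOCKED; /* refused before any range math */
    if (!nor_range_ok(off, len)) return NOR_ERR_RANGE;
    if (off % NOR_ERASE_BLOCK || len % NOR_ERASE_BLOCK) return NOR_ERR_ALIGN;
    memset(d->mem + off, 0xFF, len);
    return NOR_OK;
}

/* Programming NOR can only clear bits (1 -> 0); setting one needs an erase.
 * Modelled as AND, so a write over unerased data yields what hardware would. */
int nor_write(struct nor_dev *d, size_t off, const void *buf, size_t len)
{
    const uint8_t *src = buf;
    if (!d || !buf) return NOR_ERR_ARG;
    if (d->write_protected) return NOR_ERR_LOCKED;
    if (!nor_range_ok(off, len)) return NOR_ERR_RANGE;
    for (size_t i = 0; i < len; i++)
        d->mem[off + i] &= src[i];
    return NOR_OK;
}

/* Walks through the behaviours; returns how many of the 10 checks held. */
int nor_demo(void)
{
    struct nor_dev d;
    uint8_t b = 0, pat = 0xA5, mask = 0x0F;
    int passed = 0;

    nor_init(&d, 1);                                        /* locked, as firmware should leave it */
    passed += nor_write(&d, 0, &pat, 1) == NOR_ERR_LOCKED;
    passed += nor_erase(&d, 0, NOR_ERASE_BLOCK) == NOR_ERR_LOCKED;
    nor_read(&d, 0, &b, 1);
    passed += b == 0xFF;                                    /* contents untouched */

    nor_init(&d, 0);                                        /* unlocked */
    passed += nor_write(&d, 0, &pat, 1) == NOR_OK;
    passed += nor_write(&d, 0, &mask, 1) == NOR_OK;
    nor_read(&d, 0, &b, 1);
    passed += b == (pat & mask);                            /* 0x05: bits only cleared */
    passed += nor_erase(&d, 1, NOR_ERASE_BLOCK) == NOR_ERR_ALIGN;
    passed += nor_erase(&d, 0, NOR_ERASE_BLOCK) == NOR_OK;
    nor_read(&d, 0, &b, 1);
    passed += b == 0xFF;                                    /* erased back to all-ones */
    passed += nor_read(&d, NOR_FLASH_SIZE - 1, &b, 2) == NOR_ERR_RANGE;
    return passed;
}

int main(void)
{
    printf("checks held: %d of 10\n", nor_demo());
    return 0;
}
```

The design point the model makes is that the lock is an input the driver observes, not a policy it implements: if the firmware leaves the flash writable when it hands off, a software gate like the one above can be bypassed by whatever else runs at the same privilege, which is why the thread points to locking the flash before GRUB and to signed update capsules for legitimate changes.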