From: Joel Stanley <joel@jms.id.au>
To: Zev Weiss <zev@bewilderbeest.net>
Cc: Andrew Jeffery <andrew@aj.id.au>,
OpenBMC Maillist <openbmc@lists.ozlabs.org>,
Ryan Chen <ryan_chen@aspeedtech.com>
Subject: Re: [PATCH u-boot v2019.04-aspeed-openbmc] aspeed: add CONFIG_ASPEED_ISOLATE_BMC
Date: Thu, 14 Apr 2022 08:56:49 +0000 [thread overview]
Message-ID: <CACPK8Xd3HnX1angrhtb1UC5Zaa08n8emKp5Og9QEsm9yp-wpTA@mail.gmail.com> (raw)
In-Reply-To: <YlfePCrv0TBYtNHJ@hatter.bewilderbeest.net>
On Thu, 14 Apr 2022 at 08:41, Zev Weiss <zev@bewilderbeest.net> wrote:
>
> On Thu, Apr 14, 2022 at 01:13:37AM PDT, Joel Stanley wrote:
> >On Thu, 14 Apr 2022 at 04:05, Zev Weiss <zev@bewilderbeest.net> wrote:
> >>
> >> This provides the functionality of the OpenBMC df-isolate-bmc distro
> >> feature flag, and is very directly derived from Andrew Jeffery's patch
> >> in the OpenBMC tree for the v2016.07 u-boot branch. The
> >> implementation currently only supports ast2500, though ast2400 and
> >> ast2600 support should be fairly simple extensions.
> >>
> >> Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
> >> ---
> >>
> >> This is meant more as something of an RFC to see if this seems like
> >> approximately the right way of going about this (since as far as I can
> >> see the existing df-isolate-bmc implementation only supports the old
> >> 2016 u-boot branch), but if it looks OK I suppose it could potentially
> >> go in as-is.
> >
> >Thanks for doing this. The only potential change I can suggest is we
> >make each bit of hardware a different option (or we allow it to be
> >configured in the device tree). That assumes someone has a use case
> >for leaving one of the backdoorts open but closing the others.
> >
>
> This possibility came up on Discord with Andrew earlier -- I agree it'd
> be nice to have somewhat more fine-grained control over it, though I'm
> not aware of any platforms that really need it at the moment. I'm
> certainly not as well-versed as Andrew in the precise details of exactly
> how all the various busses interact in different circumstances (this was
> just a fairly mechanical translation of his patch), so I'm not 100%
> confident I wouldn't unwittingly introduce screwy combinations with a
> more fine-grained set of config options (mostly w.r.t. to the LPC & iLPC
> stuff).
Okay. Let this thread be a guide for the person who wants to follow up
with that work.
> >I suggest we invert the meaning of the option. The default should be
> >turn off the backdoors, and someone can optionally re-enable them by
> >selecting the option.
> >
>
> I was tempted to make it 'default y' (i.e. secure-by-default), but the
> possibility of compatibility breaks with existing systems that might
> depend on the current insecure-by-default arrangement gave me pause. If
> we don't think that's a big concern though I'm happy to flip the sense
> of it and have the more aggressive default.
Given the impact of having these left accidentally open, I think we're
doing the industry a favour by closing them off.
This aligns the 2500 with the 2600 which defaults to the backdoors
closed from A3 in silicon, and for all systems running their u-boot
SDK (which the openbmc tree is based on):
https://github.com/AspeedTech-BMC/u-boot/blob/v00.04.10/arch/arm/mach-aspeed/ast2600/platform.S#L307
>
> >config ASPEED_ALLOW_BACKDOORS?
>
> Sounds reasonable to me, though maybe s/ALLOW/ENABLE/?
Yep, go for it.
next prev parent reply other threads:[~2022-04-14 8:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 4:04 [PATCH u-boot v2019.04-aspeed-openbmc] aspeed: add CONFIG_ASPEED_ISOLATE_BMC Zev Weiss
2022-04-14 8:13 ` Joel Stanley
2022-04-14 8:41 ` Zev Weiss
2022-04-14 8:56 ` Joel Stanley [this message]
2022-04-14 9:59 ` Zev Weiss
2022-04-14 10:32 ` Joel Stanley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACPK8Xd3HnX1angrhtb1UC5Zaa08n8emKp5Og9QEsm9yp-wpTA@mail.gmail.com \
--to=joel@jms.id.au \
--cc=andrew@aj.id.au \
--cc=openbmc@lists.ozlabs.org \
--cc=ryan_chen@aspeedtech.com \
--cc=zev@bewilderbeest.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).