Re: [RFC PATCH 0/3] mtd: nand: add randomizer support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thu, May 01, 2014 at 10:56:06PM +0200, Boris BREZILLON wrote:

> > However, with a synchronous scrambler the security concern boils down
> > to how robust and unpredictable is the PRBS.
> 
> I'm not sure security is the main concern here.
> AFAICT, NAND scramblers (note that I stopped using the name "randomizer"
> :-)) is mainly used to avoid large island of identical data, because
> some NAND chips are sensible to such patterns (see [1] page 14).

Right, if you send to the flash 'the wrong data' then some combination of:
1) Retention time till ECC failure is reduced
2) The flash block is permanently damaged early
3) A 'nearby', unrelated flash block has ECC failure due to interference

So, if someone deliberately and maliciously defeats the scrambler and
deliberately sends in wrong data what happens?
 1/3) Delibrate, predictable file system corruption
 2) Create device damage and significantly early replacement of the device.
All could lead to a DOS attack of some sort, at a minimum.

FWIW, there was a similar attack against a certain communication
system. The line scrambler was statistically predictable, and if an
attacker sent enough packets that were the predictable anti-scramble
then enough would align with the scamble pattern and the
communication channel would fail and retrain creating a DOS vector.

For this reason these days com systems tend to use a 58 bit
self-synchronous LFSR for scrambling purposes.

> And this is exactly what's done in the sunxi HW  scrambler
> implementation, or at least you can do it based on what you're
> specifying in your DT (see the "nand-randomizer-seeds" in the 3rd
> patch): you can define a seed table and the seed is selected based on
> the page number you're reading or writing.

Well, re-using fixed (and public) seeds:

 state = rnd->seeds[page % rnd->nseeds];

Just changes the probabilities. For instance, some filesystems can be
asked to create extents with a large alignment (like 2M) to speed IOs,
and a small seeds table means the seeds within such a file will be
fully predictable.

If you are already stuck with this, then fine, it can be a driver
specific binding - but if this is a new green-field design, intended
to be broadly used as a core MTD feature:

I'd suggest just seeding with the block number xor some value, and
using a LFSR with a state space larger than the number of blocks in
the device, and don't specify a seeds array in DT.

Regards,
Jason
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]
  Powered by Linux