Hi, On Tue, Jun 23, 2020 at 6:36 AM Pavel Machek <pavel@xxxxxx> wrote: > > Hi! > > > This patch adds support for blowing fuses to the qfprom driver if the > > required properties are defined in the device tree. > > Should we have this in kernel? > > If so, should we make it harder to use, like passing module parameter > enabling this kind of support or something? Kconfig option as most users > will not need this so this should be compiled out? > > Pavel It's definitely a good question. I'm curious: who are you trying to protect these fuses from? A bumbling user or a malicious bit of code. For a bumbling user we presumably just need something that makes it not quite so easy to blow the fuses. Passing a module parameter isn't a bad idea. Would the module parameter only take effect if provided when the module was loaded, or could it be switched on later via sysfs? For a malicious bit of code: the only real protection is to have the bootloader protect these, or to blow the fuses which disable future fuses from being blown (the access permission fuses). Otherwise malicious code could always just code up its own driver to bypass any protections. NOTE: if we already have protection from malicious code by having the bootloader configure protections, I wonder if we still need additional protections against a bumbling user? -Doug
