> -----Original Message----- > From: platform-driver-x86-owner@xxxxxxxxxxxxxxx <platform-driver-x86- > owner@xxxxxxxxxxxxxxx> On Behalf Of Richard Hughes > Sent: Thursday, May 7, 2020 1:47 PM > To: Limonciello, Mario > Cc: Platform Driver; linux-security-module > Subject: Re: [PATCH] platform/x86: Export LPC attributes for the system SPI > chip > > > [EXTERNAL EMAIL] > > On Thu, 7 May 2020 at 18:45, <Mario.Limonciello@xxxxxxxx> wrote: > > To echo Andy's question, I would wonder if it makes sense to just export > > these attributes in securityfs directly from the intel-spi-pci driver rather > > than to have another driver in platform-x86 to get the information. > > The "DANGEROUS" in the SPI_INTEL_SPI_PCI and SPI_INTEL_SPI_PLATFORM > worried me somewhat. I'm guessing this is why most distros don't > compile it as a module by default. If the module isn't actually still > considered dangerous, and we can remove the warning I can of course > respin my patch on top of that instead. > > Richard. Well reading the documentation for it can explain why it's potentially dangerous. If a manufacturer hasn't properly configured lock down bits like those you're trying to expose, that would allow doing dangerous things. https://www.kernel.org/doc/html/latest/driver-api/mtd/intel-spi.html " The intel-spi driver makes it possible to read and write the SPI serial flash, if certain protection bits are not set and locked. If it finds any of them set, the whole MTD device is made read-only to prevent partial overwrites. By default the driver exposes SPI serial flash contents as read-only but it can be changed from kernel command line, passing “intel-spi.writeable=1”. "
