RE: [PATCH] platform/x86: Export LPC attributes for the system SPI chip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: platform-driver-x86-owner@xxxxxxxxxxxxxxx <platform-driver-x86-
> owner@xxxxxxxxxxxxxxx> On Behalf Of Richard Hughes
> Sent: Thursday, May 7, 2020 1:47 PM
> To: Limonciello, Mario
> Cc: Platform Driver; linux-security-module
> Subject: Re: [PATCH] platform/x86: Export LPC attributes for the system SPI
> chip
> 
> 
> [EXTERNAL EMAIL]
> 
> On Thu, 7 May 2020 at 18:45, <Mario.Limonciello@xxxxxxxx> wrote:
> > To echo Andy's question, I would wonder if it makes sense to just export
> > these attributes in securityfs directly from the intel-spi-pci driver rather
> > than to have another driver in platform-x86 to get the information.
> 
> The "DANGEROUS" in the SPI_INTEL_SPI_PCI and SPI_INTEL_SPI_PLATFORM
> worried me somewhat. I'm guessing this is why most distros don't
> compile it as a module by default. If the module isn't actually still
> considered dangerous, and we can remove the warning I can of course
> respin my patch on top of that instead.
> 
> Richard.

Well reading the documentation for it can explain why it's potentially dangerous.
If a manufacturer hasn't properly configured lock down bits like those you're trying
to expose, that would allow doing dangerous things.

https://www.kernel.org/doc/html/latest/driver-api/mtd/intel-spi.html
"
 The intel-spi driver makes it possible to read and write the SPI serial flash, if 
certain protection bits are not set and locked. If it finds any of them set, the 
whole MTD device is made read-only to prevent partial overwrites.
By default the driver exposes SPI serial flash contents as read-only but it can
be changed from kernel command line, passing “intel-spi.writeable=1”.
"




[Index of Archives]     [Linux Kernel Development]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux