Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2095487pxa; Mon, 3 Aug 2020 07:23:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxKB7SaZJCE8AE+wLE0aiYpcYfowZM+65125m6rOPlrSC4yF8FP7lqwP1tDm/OoyH2aHrWn X-Received: by 2002:a17:906:1b0e:: with SMTP id o14mr16461469ejg.472.1596464611459; Mon, 03 Aug 2020 07:23:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596464611; cv=none; d=google.com; s=arc-20160816; b=sw5xwL8eN1ZeeroBzJTeA/Lq4dDOROAsql2VmNxtYKx6JomanUFqyIwSdr3m2IfEck fI4gObI7ZTAiq7FEV9/OC+e9rnUJe66vPLgZ21KWwxFpivZDOVwaiENAjspy35Kg2/mm Fn65E/sxK62TUIGAUFN1ByQTp+uzHpUEebbcA81/hKgS4XREAWem+bakFzEyN8wlAyMR 6Dm76UvPRJfyUfdo6Uf25Y4e3SqS39jaGTKlBXmGvUSv7X65GAN6JhioHHQNmg05u42b HbZhYsDD2WW3538aimKe2YuFyCAE/pd35KM+NGhgezYlLVHVioX81aS67u49TtvaUPn+ v0LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+6U3fsmoRxsdzTrGF6+v9nKYi2wiEIz1y0w1GdZEAgg=; b=BnVbX5tENPhmjbg+kVXuekkaBD9/lOKqPxGMeQ8pg1udGPZvQFJrY+YHrGOLsDzcwN Vrj3zxaHPfao5+nvBQXtTax7UfBSEsnDmUQDUbCso5wVC7bI0q8Jl/SHz2VjMNPhPcu1 xNdSeoh8AlM5K1GYc6Gc83mRupvkE+1UUzANetfZ6rnWj9M3UbYPnHzaLg9BDX2CWyL4 crVAqp2PAOv2Tw/E4troeihqYXZOD28dmtsKWgz10r72/AhudFdtoS+Re/Ar6M6eyziR pH+zs8/fsqKqCqRsRvOZ2188vxhPfhl4w/e+dzr+jvtsf7znGB28CPDuHdUAHrA5Yaew O5tA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b="c/rMlTX+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x7si10441793ejv.609.2020.08.03.07.23.09; Mon, 03 Aug 2020 07:23:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b="c/rMlTX+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728013AbgHCOWO (ORCPT + 99 others); Mon, 3 Aug 2020 10:22:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726358AbgHCOWL (ORCPT ); Mon, 3 Aug 2020 10:22:11 -0400 Received: from mail-qk1-x743.google.com (mail-qk1-x743.google.com [IPv6:2607:f8b0:4864:20::743]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE1CBC06174A for ; Mon, 3 Aug 2020 07:22:11 -0700 (PDT) Received: by mail-qk1-x743.google.com with SMTP id x69so35269243qkb.1 for ; Mon, 03 Aug 2020 07:22:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eclypsium.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+6U3fsmoRxsdzTrGF6+v9nKYi2wiEIz1y0w1GdZEAgg=; b=c/rMlTX+pF6DK6cNfyzRR5HU0imloK+lrQAGqCCO6KFukqa/DOaBBJ7ijihiEJHzUK Uh/tdNJ2H/Xs0VbunlCTw8cW1sCiVImy+oifN5UTi/TdhJxb6gCwWDhXCf6BF8usd5Sf mqECCzILP1BjGuZkgyEvCEOGQuJGzRyqbV/zCcAxJu9WQYNcBWzN+bqa1KZf9qyoH6RR zhhRYTwF75PNg0gYm2tVKVXxoy8lE1gQz+wBI/idkkZ0QdzlTZgzpwanuuggQPScxu+c qb1C4xHtXgP2HWSrtMCDNtX22U0WpvctYjQiANkSKfZQsXpuK+FV0myoNFx+dTXcKupY RUqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+6U3fsmoRxsdzTrGF6+v9nKYi2wiEIz1y0w1GdZEAgg=; b=a6S2J28XGcJe5Tp09t9rjfGdNfUbqxT/Wf/KJJL9eyatF8SSCW+FALw+gSj6l6PdB8 DzqzEbvafUjNE15MLcFcVo5RLMk8cCK8TMo79FuMcuHFrF02OETWOfitCruah8E7R+O1 NWSsQvdx4LYftD+Y+ys81IzZreEE4vlUBiAZxQzgvH+fxnIOQbYaVbvEyXi6NYwhiKFj 7nuORlqXWEmT2S55shZCafnSQX5TTMU9Iqv4q5ua8pjTmKg4SSIvJCG1hiErax5a96t5 XQeTPkL9gLcefkFCCHm8GjqAMQr+HKggDDp7CfAZrGzq6/yQ/ZjFUY4n1PsKiXfkaoij Rpkw== X-Gm-Message-State: AOAM530oV4LmwltYkwHa0PZZsU5tVy6WBQETMK0XDP4WbV+b5zZCZORb A8i+tDSBhH+aehPNAYk3k4MquPm2j+4curVZq3ay7w== X-Received: by 2002:a37:b6c5:: with SMTP id g188mr15413581qkf.1.1596464530649; Mon, 03 Aug 2020 07:22:10 -0700 (PDT) MIME-Version: 1.0 References: <20200803134449.72502-1-daniel.gutson@eclypsium.com> In-Reply-To: From: Daniel Gutson Date: Mon, 3 Aug 2020 11:21:59 -0300 Message-ID: Subject: Re: [PATCH] Remove attempt by intel-spi-pci to turn the SPI flash chip writeable To: Arnd Bergmann Cc: Tudor Ambarus , Miquel Raynal , Richard Weinberger , Vignesh Raghavendra , Mika Westerberg , Boris Brezillon , linux-mtd , "linux-kernel@vger.kernel.org" , Alex Bazhaniuk , Richard Hughes , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 3, 2020 at 10:55 AM Arnd Bergmann wrote: > > On Mon, Aug 3, 2020 at 3:45 PM Daniel Gutson > wrote: > > > However, this flag applies only for a number of devices, coming from the > > platform driver, whereas the devices detected through the PCI driver > > (intel-spi-pci) are not subject to this check since the configuration > > takes place in intel-spi-pci which doesn't have an argument. > > This part of the description sounds wrong: the current behavior is that > the BIOS setting is ignored for PCI devices and it only uses the module > parameter, the same way as it does for the platform driver. Actually, the BIOS setting is not ignored, since it is not bypassable. There is a lock in the BIOS setting, that, if enabled no matter what the driver does, it will be still read only. However, if that lock is not set, the SPI chip will be writable because of the driver. That's why I say 'attempts'. The intel-spi-pci driver doesn't have a module parameter, and that's why it unconditionally attempts to turn the chip writable (it will succeed if it is not locked). What I did was just left the intel-spi-pci driver without any module parameter, as it currently is, but removed the part where it attempts to turn the chip writable (just in case the BIOS is not locked). > > With your patch, both the BIOS setting and the module parameter > have to explicitly allow writing on PCI devices, while at least for Bay > Trail platform devices the BIOS write protection is still ignored. > > It sounds like this is what you want, but you should update the description > accordingly. > > Arnd -- Daniel Gutson Argentina Site Director Enginieering Director Eclypsium Below The Surface: Get the latest threat research and insights on firmware and supply chain threats from the research team at Eclypsium. https://eclypsium.com/research/#threatreport