[PATCH 1/1] MTD: Unlocking all Intel flash that is locked on power up
Nicolas Pitre
nico at cam.org
Mon Nov 12 23:48:58 EST 2007
On Mon, 12 Nov 2007, Jared Hulbert wrote:
> > Don't make the unlocking the default. The flag has simply to be set
> > explicitly for the unlock to occur. Few reasons for this:
> >
> > 1) you don't know if a particular flash requires unlocking after boot,
> > (most flash models don't) so doing it unconditionally is wasteful;
> >
> > 2) the partition might as well be meant to remain locked, except for
> > rare occasions when its content is updated (think bootloader) meaning
> > it cannot be marked read-only;
> >
> > 3) this is a security feature and should not be bypassed "by
> > default", and therefore the auto-unlock should be dependent on an
> > explicit flag so people needing it will have the opportunity to think
> > about it.
>
> Why is it a security feature to have a partition marked as r/w come up
> as locked? That's nutty.
How do you update your bootloader from Linux but protect it from
possible corruptions otherwise? By recompiling your kernel? _That_ is
nutty.
> If someone want's to implement some complex
> scheme to prevent errant programs, they can use the userspace tools
> and readonly flag for that.
Well, actually I just looked and the core already has the code to
auto-unlock flash when they have the MTD_STUPID_LOCK bit set.
So... if one partition should _not_ be automatically unlocked, it just
has to put MTD_STUPID_LOCK in its flag_mask. I'd have prefered if the
auto-unlock was explicitly enabled instead of its prevention, but
whatever.
> The mailinglist gets an awful lot of
> questions that have pointlessly locked partitions as the core.
I guess it's only a matter of properly flagging flash models that do
power up locked then.
Nicolas
More information about the linux-mtd
mailing list