[PATCH RFC 2/2] mtd: ubi: add support for protecting critical volumes
Daniel Golle
daniel at makrotopia.org
Mon Sep 30 12:39:48 PDT 2024
On Mon, Sep 30, 2024 at 08:43:40PM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > Von: "chengzhihao1" <chengzhihao1 at huawei.com>
> >>> Von: "Daniel Golle" <daniel at makrotopia.org>
> >>> Allow the boot firmware to define volumes which are critical for the
> >>> system to boot, such as the bootloader itself if stored inside a UBI
> >>> volume. Protect critical volumes by preventing the user from removing,
> >>> resizing or writing to them, and also prevent the UBI device from
> >>> being detached if a critical volume is present.
> >>
> >> I agree with the doubts raised in patch 1/2, if userspace is so hostile
> >> to delete system partitions, there is little hope.
> >> But I'm still open for discussion.
> >
> > Yes, I agree that it is meaningful to prevent user from operating
> > volumes accidently. How about doing that by some existing methods? Eg.
> > selinux(Design sepolicy for ioctl cmd).
>
> Another thought, do we really need to enforce this in kernel space?
> Teaching ubi-tools to be super careful with some volumes is also an option.
>
> like a ubirmvol ... --i-know-what-im-doing.
True, enforcement doesn't need to happen in kernel (though I think it's
nicer, but really just a matter of taste, I guess). ubi-tools would still
need to be able to recognize critical volumes somehow, and that could be
done by checking if the 'volume-is-critical' property is present in
/sys/class/ubi/ubi*_*/of_node/
If you prefer going down that road instead I will work on patches for
git.infradead.org/mtd-utils.git instead.
More information about the linux-mtd
mailing list