From patchwork Sun Aug 13 08:39:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Loic Poulain X-Patchwork-Id: 713327 Delivered-To: patch@linaro.org Received: by 2002:a5d:4012:0:b0:317:ecd7:513f with SMTP id n18csp695573wrp; Sun, 13 Aug 2023 01:39:21 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEchXmsNQUL9ufUmh1lCbF7W5FhiDyGn9oGthZqX+fvx5gpuTp11EIIfbvjNlqLlh9JR+YQ X-Received: by 2002:a05:600c:746:b0:3f9:b867:4bb with SMTP id j6-20020a05600c074600b003f9b86704bbmr7729225wmn.2.1691915961484; Sun, 13 Aug 2023 01:39:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691915961; cv=none; d=google.com; s=arc-20160816; b=KQdq1t0wcinj33RFzDNCGy8frgPlOaITVkovbWKwmTtlfkOCUUlUwYQLgfOmMDpeJL XVl40XoES9tkG2UL9RxWOlfup29SZ3u+CExZVjNMePOl2q2HC/tMuXS7ttlyd5pFxXCx omVdIPD7qDjhL40laqAMKS2NrGwBLVv2RnpzRRk7U+K2t1fTKQl+e1DVwUnzKmLSUgdb MRxQeGmPN9bTxksvKyGkLY1fuSJbuY92L74Utyxn5k7OieaYpyFhxYAiOU22TQ1nmHXY fVT0Dd98gRgehshrjajB9k+zom82j1ZgvgOteh/PbMFXEx/QQjAtyNcHbeGoiuxQGSFP //sQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=5qVtPIY5bUU39b1U0zAs507ciO7NULal7WkIHyPTgPw=; fh=djUXyUa5fqjXzxWgD+Ogf+hJtsNcOuQlJmWTdChmYfo=; b=SAB6PsnQ8YkTMTRUwc5ehQCfod0Jz0aWqMioseU4lQJE0yFxuZY+9Gh54fWvgakuRi xHZfLiDmVraYggFBk2UywW0h79tF0EPmluuVAv+ysMGpTHLdfdLa/6G/axdT4tBhJ5jb xPO31KMdI814mHDFeMkW5R1cZE0B4VQZJwZN9YK9CA8zozcjpE+BdzcuFX/a1E3dTyqy SF/Jf6YZVb+LTHZyI94CroItfEdUhAc6pYChDye8/Rz4SGt3e7sxODL3J8N2qpblZJzj 0TiLJaF+NK1ikqdKxKOVJo7i5wz4wd15SypRhI/iUaQTygtQA/i9fVPsPECFNPRhJ8Y3 BikA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Cqhpf45B; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id h19-20020a05600c30d300b003fe38119d91si4385300wmn.126.2023.08.13.01.39.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Aug 2023 01:39:21 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Cqhpf45B; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EBEAD8475C; Sun, 13 Aug 2023 10:39:19 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Cqhpf45B"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B6D1B833CF; Sun, 13 Aug 2023 10:39:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C3E928475C for ; Sun, 13 Aug 2023 10:39:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=loic.poulain@linaro.org Received: by mail-wr1-x42c.google.com with SMTP id ffacd0b85a97d-31956020336so1435857f8f.0 for ; Sun, 13 Aug 2023 01:39:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1691915955; x=1692520755; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=5qVtPIY5bUU39b1U0zAs507ciO7NULal7WkIHyPTgPw=; b=Cqhpf45BcXy47c+5n3lHqrL71qakG+X4YC8haZPw4+ttTrKh9jBr3rqgMIKbFlhZdf QmU1Ex+KT6GVXUrdYfwDTMvXTYesZrrJpOc2HRkaHkHvtPWzhHbXXjUseXenTieSKrmw WPY0jSu6X4MiM/6IVPwho/s4HbW/XYYuRFHq6tzA6vKFYKh3FPFcwP6B+bterUduaKlz z2AkqfIniJaqK9Mn53TQD36y3UBTQvAuxhCaRT1y23V/5eIQjO+lMZqFDFrBq+gwweL2 Dz7JZocTkS9ijiUlA1bJVPPQE1CqiEr6ueFjQpNZi4DfKMruZx902KaVRy0zVEN61Z3A HOKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691915955; x=1692520755; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5qVtPIY5bUU39b1U0zAs507ciO7NULal7WkIHyPTgPw=; b=A2077PnknoBrLcenWTL4GsBLsQ0U+wqUoZcffl+DTZEFM5f74zcPBcBFj2Iu/baoSi aOI1wFnMs2EkANWyV9OmBcHbMwRCy4q0KMdZ7A67KVxrza1JWrYQ2gZKfeogwyixC+9+ GbEf+el4Z+FRMKoZF5tSrQQgsnWfMik1Z/eiL8QQ9OcjTxp4ut/wHRccZgHr9TJ2a1gU Kk2KlyAnUQ/gaGsOZeIGavUoeXQiIjBBDXs+Rjpb5DdonPLZc2w94okF5HsLLl/tx9VG 4ZDgdvO9cOBWSA8XSeLJ+drSTbERuq1HXV39jvxzjUG5ie1VRZgur3Ll9Rn/0GmTEYLX ++RA== X-Gm-Message-State: AOJu0YxSnVk75PgB5R7IJaQ2GIe8qjHIqA+h+sEudKExb34pHnrKjoi9 kFJq4DWbtZA1qvicBf8SYp8WqA== X-Received: by 2002:adf:f708:0:b0:317:ddef:70a with SMTP id r8-20020adff708000000b00317ddef070amr7682737wrp.9.1691915954864; Sun, 13 Aug 2023 01:39:14 -0700 (PDT) Received: from loic-ThinkPad-T470p.. ([2a01:e0a:82c:5f0:92a5:d57e:294f:f41a]) by smtp.gmail.com with ESMTPSA id k7-20020adfe3c7000000b003176c6e87b1sm10787675wrm.81.2023.08.13.01.39.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Aug 2023 01:39:14 -0700 (PDT) From: Loic Poulain To: lukma@denx.de, marex@denx.de Cc: u-boot@lists.denx.de, Loic Poulain Subject: [PATCH] usb: gadget: sdp: Option to enable SDP read register command Date: Sun, 13 Aug 2023 10:39:12 +0200 Message-Id: <20230813083912.532982-1-loic.poulain@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The SDP read register command can be used to read any memory mapped address of the device (ddr, registers...). It can then be exploited by an attacker to access sensitive data/values, especially when running SDP from SPL, as SPL runs with highest privileges in ARM secure mode. Without read, SDP still useful to bootstrap and jump on (signed) blob such as u-boot with write and jump commands, but reading is optional in that case (debug purpose). NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable SDP read command in their ROM SDP implementation, so it seems quite reasonable to make it optional from u-boot/spl as well. Signed-off-by: Loic Poulain --- drivers/usb/gadget/Kconfig | 14 ++++++++++++++ drivers/usb/gadget/f_sdp.c | 2 ++ 2 files changed, 16 insertions(+) diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig index 1cfe602284..50cf7c0dae 100644 --- a/drivers/usb/gadget/Kconfig +++ b/drivers/usb/gadget/Kconfig @@ -195,6 +195,13 @@ config USB_FUNCTION_SDP allows to download images into memory and execute (jump to) them using the same protocol as implemented by the i.MX family's boot ROM. +config SDP_READ + bool "Enable SDP READ command" + depends on USB_FUNCTION_SDP + default n + help + Enable SDP secure sensitive SDP read register command. + config USB_FUNCTION_THOR bool "Enable USB THOR gadget" help @@ -344,6 +351,13 @@ config SPL_USB_SDP_SUPPORT allows to download images into memory and execute (jump to) them using the same protocol as implemented by the i.MX family's boot ROM. +config SPL_SDP_READ + bool "Enable SDP READ command in SPL" + depends on SPL_USB_SDP_SUPPORT + default n + help + Enable SDP secure sensitive SDP read register command. + config SPL_SDP_USB_DEV int "SDP USB controller index in SPL" default 0 diff --git a/drivers/usb/gadget/f_sdp.c b/drivers/usb/gadget/f_sdp.c index 4da5a160a0..48a68a50d9 100644 --- a/drivers/usb/gadget/f_sdp.c +++ b/drivers/usb/gadget/f_sdp.c @@ -310,6 +310,7 @@ static void sdp_rx_command_complete(struct usb_ep *ep, struct usb_request *req) be32_to_cpu(cmd->addr), be32_to_cpu(cmd->cnt)); switch (be16_to_cpu(cmd->cmd)) { +#if CONFIG_IS_ENABLED(SDP_READ) case SDP_READ_REGISTER: sdp->always_send_status = false; sdp->error_status = 0x0; @@ -321,6 +322,7 @@ static void sdp_rx_command_complete(struct usb_ep *ep, struct usb_request *req) printf("Reading %d registers at 0x%08x... ", sdp->dnl_bytes_remaining, sdp->dnl_address); break; +#endif case SDP_WRITE_FILE: sdp->always_send_status = true; sdp->error_status = SDP_WRITE_FILE_COMPLETE;