[meta-freescale] [PATCH 0/1] arm: imx: fsl_otp: make fuses (OTP memory) read-only
Chris Tapp
opensource at keylevel.com
Sat Nov 8 00:58:33 PST 2014
On 8 Nov 2014, at 02:03, Nikolay Dimitrov <picmaster at mail.bg> wrote:
> Hi Alexander,
>
> The driver allows to be enabled/disabled by a configuration option, so
> it's a responsibility of your engineering team to properly configure
> the software for development, manufacturing and production purposes, as
> there's no "one size fits all" solution for this option.
>
> And I think it would be a unwise decision just to cripple the driver
> because there is potential for misuse the driver. If so, we have to
> disable also all device files and sysfs entries that allow raw access
> to physical memory, physical disks, cpu frequency, thermal device,
> power supply voltages, as all of these can screw-up the product (either
> by deleting data or by frying a component on the board). And we have to
> forbid kitchen knives :).
>
> I like Eric's idea with sysfs unlock entry. It's also possible to have
> different sysfs "read" and "write" files' permissions, to provide
> privilege separation.
>
> I also understand your confusion of the answers received on LKML and
> here, but you should already know that each FOSS tribe has its own
> customs. What's good for the kernel itself doesn't make it instantly
> good for actual systems/product integration, so it's normal to have
> groups with different goals to react differently on the same topic.
As has already been mentioned, it is the responsibility of a project to ensure that any product is suitably protected.
I can image a customer would be really unhappy if their system (e.g. Smart TV) could be destroyed by a bit of malware !
--
Chris Tapp
opensource at keylevel.com
www.keylevel.com
----
You can tell you're getting older when your car insurance gets real cheap!
More information about the meta-freescale
mailing list