From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id 06C4AE008D0; Sun, 9 Nov 2014 04:42:45 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-HAM-Report: * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider * (picmaster[at]mail.bg) * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [193.201.172.117 listed in list.dnswl.org] Received: from mx1.mail.bg (mx1.mail.bg [193.201.172.117]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id 7C20BE00832 for ; Sun, 9 Nov 2014 04:42:39 -0800 (PST) Received: from [192.168.0.40] (unknown [93.152.132.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.mail.bg (Postfix) with ESMTPSA id 0DC0060009A8; Sun, 9 Nov 2014 14:34:26 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mail.bg; s=default; t=1415536466; bh=HPLHvbOCk9OxPFbr1IxeEbeSw+oZ/ThsoUmSWt/gBVY=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=pRZBnGbnNiSfT21q9wAU0r/g79aosT9A/pDJu5XfG6kMrrofD4tF+6PrvURVshUmp F3L7Ip2kQfv1ggCojyZ26/78glrF3gxerjYjga9L2pjkrAkSbDeV3DLzQcPXYX8v1F 2P6q+BFnSYkVg0lG9+RMBCCCpwfZ+gg7XD65s1cI= Message-ID: <545F5F51.4050304@mail.bg> Date: Sun, 09 Nov 2014 14:34:25 +0200 From: Nikolay Dimitrov User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.2.0 MIME-Version: 1.0 To: Alexander Holler References: <1415353415-3805-1-git-send-email-holler@ahsoftware.de> <20141107150003.27c16356@e6520eb.localdomain> <20141107160443.765f9b19@e6520eb.localdomain> <545CE3DE.4070902@ahsoftware.de> <545CF576.5050403@ahsoftware.de> <545D79DC.8030701@mail.bg> <545E65D3.5080003@ahsoftware.de> In-Reply-To: <545E65D3.5080003@ahsoftware.de> Cc: "meta-freescale@yoctoproject.org" , Jon Nettleton , Otavio Salvador Subject: Re: [PATCH 0/1] arm: imx: fsl_otp: make fuses (OTP memory) read-only X-BeenThere: meta-freescale@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Usage and development list for the meta-fsl-* layers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Nov 2014 12:42:45 -0000 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Hi Alexander, The eFuses are lockable. If you don't intend to further modify their value after proper programming, you should lock them. If you don't do so, you shouldn't blame the Linux driver for the consequences. Crippling the IMX OTP driver doesn't solve the system security issues. I can write to the IMX physical memory (e.g. to program OCOTP registers) without this Linux driver at all, I just need proper privileges and the devregs tool (thanks Eric & Troy!). I have just like you some imx6 hobby boards. If one of them is bricked, it's totally my fault. And yet we have hundreds of thousands of imx6 boards on the road, which we locked during manufacturing, and disabled the OTP driver, so it's impossible to brick them via OTP. To me it seems that the current state of affairs is already perfectly OK and there's no need to panic. Kind regards, Nikolay