From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id CFE04E008C3; Thu, 13 Nov 2014 11:22:07 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-HAM-Report: * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] Received: from mail.ahsoftware.de (h1446028.stratoserver.net [85.214.92.142]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id A4579E00831 for ; Thu, 13 Nov 2014 11:22:01 -0800 (PST) Received: by mail.ahsoftware.de (Postfix, from userid 65534) id 66E0E2C9C205; Thu, 13 Nov 2014 20:21:57 +0100 (CET) Received: from eiche.ahsoftware (p4FC364C3.dip0.t-ipconnect.de [79.195.100.195]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.ahsoftware.de (Postfix) with ESMTPSA id DB5302C9C201 for ; Thu, 13 Nov 2014 20:21:56 +0100 (CET) Received: by eiche.ahsoftware (Postfix, from userid 65534) id 75B0C802E6; Thu, 13 Nov 2014 20:21:31 +0100 (CET) Received: from krabat.ahsoftware (unknown [IPv6:feee::5246:5dff:fe8b:95f8]) by eiche.ahsoftware (Postfix) with ESMTP id DACA7802E6; Thu, 13 Nov 2014 19:19:56 +0000 (UTC) Message-ID: <54650455.90002@ahsoftware.de> Date: Thu, 13 Nov 2014 20:19:49 +0100 From: Alexander Holler User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Robin Findley References: <260skHV2j2048S08.1415483675@web08.cms.usa.net> <5460C7A0.30008@ahsoftware.de> In-Reply-To: <5460C7A0.30008@ahsoftware.de> Cc: "meta-freescale@yoctoproject.org" Subject: Re: [PATCH 0/1] arm: imx: fsl_otp: make fuses (OTP memory) read-only X-BeenThere: meta-freescale@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Usage and development list for the meta-fsl-* layers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Nov 2014 19:22:07 -0000 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Am 10.11.2014 um 15:11 schrieb Alexander Holler: > Am 08.11.2014 22:54, schrieb Robin Findley: >> From Alexander Holler >>> But there is absolutely no reason to include this ONE TIME FUNCTIONALITY >>> into any kernel meant for the public, especially as it is very >>> dangerous. >> >> The problem isn't that someone can burn fuses in a commercial product. >> Rather, the problem is a designer who ships a product with unburned >> fuses. If >> a designer is unaware of the fuses, and ships them unburned (unless he >> has >> good reason), then he shouldn't be selling commercial products. You >> can't >> design an imx product without knowing about the fuses. They are >> fundamental >> to the design process. > > You're only talking about locked products which are including the SW, do > you? > > What's if the software isn't part of you manufacturing process and you > want to leave the customer the choice to enter secure mode whenever he > wish? > > Setting and locking fuses means removing options and crippling the HW. > That's their only purpose. And because I've just got reminded to that fact by some other device: There are many devices which don't ship at first with security mode enabled but where the manufacturer intends to use security mode with a later update of the firmware. So even if the user-visible software is already part of a device, there are reasons to not disable options by locking the fuses. Regards, Alexander Holler