From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Boris BREZILLON <boris.brezillon@free-electrons.com>
Cc: devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org,
Maxime Ripard <maxime.ripard@free-electrons.com>,
Brian Norris <computersforpeace@gmail.com>,
David Woodhouse <dwmw2@infradead.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [RFC PATCH 0/3] mtd: nand: add randomizer support
Date: Thu, 1 May 2014 15:31:48 -0600 [thread overview]
Message-ID: <20140501213148.GA1563@obsidianresearch.com> (raw)
In-Reply-To: <5362B4E6.7010009@free-electrons.com>
On Thu, May 01, 2014 at 10:56:06PM +0200, Boris BREZILLON wrote:
> > However, with a synchronous scrambler the security concern boils down
> > to how robust and unpredictable is the PRBS.
>
> I'm not sure security is the main concern here.
> AFAICT, NAND scramblers (note that I stopped using the name "randomizer"
> :-)) is mainly used to avoid large island of identical data, because
> some NAND chips are sensible to such patterns (see [1] page 14).
Right, if you send to the flash 'the wrong data' then some combination of:
1) Retention time till ECC failure is reduced
2) The flash block is permanently damaged early
3) A 'nearby', unrelated flash block has ECC failure due to interference
So, if someone deliberately and maliciously defeats the scrambler and
deliberately sends in wrong data what happens?
1/3) Delibrate, predictable file system corruption
2) Create device damage and significantly early replacement of the device.
All could lead to a DOS attack of some sort, at a minimum.
FWIW, there was a similar attack against a certain communication
system. The line scrambler was statistically predictable, and if an
attacker sent enough packets that were the predictable anti-scramble
then enough would align with the scamble pattern and the
communication channel would fail and retrain creating a DOS vector.
For this reason these days com systems tend to use a 58 bit
self-synchronous LFSR for scrambling purposes.
> And this is exactly what's done in the sunxi HW scrambler
> implementation, or at least you can do it based on what you're
> specifying in your DT (see the "nand-randomizer-seeds" in the 3rd
> patch): you can define a seed table and the seed is selected based on
> the page number you're reading or writing.
Well, re-using fixed (and public) seeds:
state = rnd->seeds[page % rnd->nseeds];
Just changes the probabilities. For instance, some filesystems can be
asked to create extents with a large alignment (like 2M) to speed IOs,
and a small seeds table means the seeds within such a file will be
fully predictable.
If you are already stuck with this, then fine, it can be a driver
specific binding - but if this is a new green-field design, intended
to be broadly used as a core MTD feature:
I'd suggest just seeding with the block number xor some value, and
using a LFSR with a state space larger than the number of blocks in
the device, and don't specify a seeds array in DT.
Regards,
Jason
next prev parent reply other threads:[~2014-05-01 21:31 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-01 1:09 [RFC PATCH 0/3] mtd: nand: add randomizer support Boris BREZILLON
2014-05-01 1:09 ` [RFC PATCH 2/3] of: mtd: add NAND randomizer mode retrieval Boris BREZILLON
[not found] ` <1398906592-24677-3-git-send-email-b.brezillon.dev-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-05-01 13:16 ` Grant Likely
[not found] ` <20140501131605.9CB7CC409DA-WNowdnHR2B42iJbIjFUEsiwD8/FfD2ys@public.gmane.org>
2014-05-01 17:18 ` Boris BREZILLON
2014-05-01 1:09 ` [RFC PATCH 3/3] mtd: nand: add sunxi randomizer support Boris BREZILLON
[not found] ` <1398906592-24677-1-git-send-email-b.brezillon.dev-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-05-01 1:09 ` [RFC PATCH 1/3] mtd: nand: introduce a randomizer layer in the NAND framework Boris BREZILLON
2014-05-01 16:34 ` [RFC PATCH 0/3] mtd: nand: add randomizer support Jason Gunthorpe
[not found] ` <20140501163407.GB3296-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2014-05-01 17:31 ` Boris BREZILLON
[not found] ` <536284E1.50001-wi1+55ScJUtKEb57/3fJTNBPR1lH4CV8@public.gmane.org>
2014-05-01 17:59 ` Jason Gunthorpe
[not found] ` <20140501175946.GA14539-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2014-05-01 20:56 ` Boris BREZILLON
2014-05-01 21:31 ` Jason Gunthorpe [this message]
2014-05-01 18:37 ` Antoine Ténart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140501213148.GA1563@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=boris.brezillon@free-electrons.com \
--cc=computersforpeace@gmail.com \
--cc=devicetree@vger.kernel.org \
--cc=dwmw2@infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=maxime.ripard@free-electrons.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).