From: Sascha Hauer <s.hauer@pengutronix.de>
To: Oleksij Rempel <o.rempel@pengutronix.de>
Cc: barebox@lists.infradead.org, Robin van der Gracht <robin@protonic.nl>
Subject: Re: [PATCH v1 1/2] nvmem: bsec: Add support for OTP permanent write lock
Date: Fri, 31 Jan 2025 14:07:03 +0100 [thread overview]
Message-ID: <Z5zK9xOFksuEEbmk@pengutronix.de> (raw)
In-Reply-To: <20250130120814.1053382-1-o.rempel@pengutronix.de>
On Thu, Jan 30, 2025 at 01:08:13PM +0100, Oleksij Rempel wrote:
> From: Robin van der Gracht <robin@protonic.nl>
>
> Introduce a mechanism to permanently lock OTP eFuses after programming by
> adding a new `writelock` parameter. When `writelock` is enabled, the
> driver:
>
> - Programs the OTP fuse using `BSEC_SMC_PROG_OTP`.
> - If successful, triggers `BSEC_SMC_WRLOCK_OTP` (OP-TEE:
> `STM32_SIP_SVC_BSEC_WRLOCK_OTP`) to permanently disable further
> modifications to the OTP word.
>
> Security Concern:
> Without this lock mechanism, an OTP word can still be altered by OR-ing
> additional bits onto the existing value, as STM32 BSEC OTP fuses only
> allow one-way bit transitions from 0 to 1. This is a potential security
> risk when dealing with keys or sensitive configuration values, as an
> attacker could modify certain OTP bits without fully replacing the
> original value.
>
> Warning! Write lock is enabled globally per BSEC device:
> - While `writelock=1`, all writes via the BSEC device will be
> permanently locked.
> - The user must avoid writing unintended values during this period,
> as they will become irrevocable.
>
> Example Use Case:
> To program and permanently lock an OTP word:
> bsec0.permanent_write_enable=1
> bsec0.writelock=1
> mw -l -d /dev/stm32-bsec 0x00000170+4 $some_data
> bsec0.permanent_write_enable=0
> bsec0.writelock=0
I don't really like this writelock approach. It makes it hard to write
something to OTP without locking and then lock it later. This can only
be done by writing the same data again, with writelock enabled this
time.
We have support for a protect operation, originally used for flashes.
This looks like a good match for this purpose. Could we use it here?
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2025-01-31 13:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-30 12:08 Oleksij Rempel
2025-01-30 12:08 ` [PATCH v1 2/2] Documentation: user: Add OTP support and parameter descriptions Oleksij Rempel
2025-01-31 13:03 ` Sascha Hauer
2025-01-31 13:07 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5zK9xOFksuEEbmk@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=o.rempel@pengutronix.de \
--cc=robin@protonic.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox