On 8/13/23 10:39, Loic Poulain wrote:
The SDP read register command can be used to read any memory
mapped address of the device (ddr, registers...). It can then
be exploited by an attacker to access sensitive data/values,
especially when running SDP from SPL, as SPL runs with highest
privileges in ARM secure mode.
Without read, SDP still useful to bootstrap and jump on (signed)
blob such as u-boot with write and jump commands, but reading
is optional in that case (debug purpose).
NXP SoCs usually have a dedicated SDP_READ_DISABLE fuse to disable
SDP read command in their ROM SDP implementation, so it seems quite
reasonable to make it optional from u-boot/spl as well.
If there is a fuse, why not read the fuse and disable READ based on that
fuse instead ?
