
On 23/04/20 6:12 PM, Andrew F. Davis wrote:
> On 4/23/20 2:38 AM, Lokesh Vutla wrote:
>> On 22/04/20 10:39 PM, Andrew F. Davis wrote:
>>> When authenticating the initial boot binary the ROM will check a debug type value in the certificate and based on that open JTAG access to that core.
>>> The default is currently full access, on HS this is useful for early developers, but should not be the default so as to prevent end system integrators from unintentionally leaving this open.
>>
>> Won't JTAG access be useful for early developers? UART as well is not available at this point. What we offer out of the box is not a production-ready secure system. I would prefer to have it enabled by default.
>
> Who are these early developers? Pre-SYSFW on HS is a harsh environment, firewalls and other pitfalls limit one to only what is needed to get SYSFW loaded. Only a handful of folks will ever touch the source this early, and they will be using a GP device for that development, in which case debug is enabled, even with this change.
>
> I'd guess I'm the only developer touching code this early on HS, I say

For how long are you guaranteeing that? This cannot be an assumption for making default options.

> this as so far I'm the only one who has noticed that there is a ROM issue that makes early debug on HS almost unusable.
>
> Accidentally leaving this open completely defeats the chain of trust, I guarantee some production system will do this if we leave JTAG open by default, it happens all the time.

Did you audit all other default options?

> So debug doesn't work here anyway, no one uses it and those who do can flip this bit with the command line flag, and leaving it on will lead to a huge security issue for one of our customers.

Then please split this change into two patches: 1) adding a command line option; 2) changing the default options, with the reasons clearly mentioned in the commit description.

Thanks and regards, Lokesh