RE: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to preventmalicious write/erase

[Allan, Bruce W]

Yeah, we can do that.  I need to amend the patch a bit to prevent the protected range lock from being lifted unintentionally and will add some debug statements if/when any write/erase cycles fail.

-----Original Message-----
From: Jiri Kosina [mailto:jkosina@xxxxxxx]
Sent: Tuesday, September 30, 2008 5:41 AM
To: Brandeburg, Jesse
Cc: linux-kernel@xxxxxxxxxxxxxxx; linux-netdev@xxxxxxxxxxxxxxx; kkeil@xxxxxxx; agospoda@xxxxxxxxxx; arjan@xxxxxxxxxxxxxxx; Graham, David; Allan, Bruce W; Ronciak, John; Thomas Gleixner; chris.jones@xxxxxxxxxxxxx; tim.gardner@xxxxxxxxx; airlied@xxxxxxxxx; Allan, Bruce W
Subject: Re: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to prevent malicious write/erase

On Mon, 29 Sep 2008, Jesse Brandeburg wrote:

> Set the hardware to ignore all write/erase cycles to the GbE region in
> the ICHx NVM.  This feature can be disabled by the WriteProtectNVM module
> parameter (enabled by default) though that is not recommended.
>
> Signed-off-by: Bruce Allan <bruce.w.allan@xxxxxxxxx>
> Signed-off-by: Jesse Brandeburg <jesse.brandeburg@xxxxxxxxx>

I guess there is no chance to have kernel somehow notified when
write/erase cycle is unsuccessfully tried, is it? This way, it would also
make chasing the root cause easier.

Thanks,

--
Jiri Kosina
SUSE Labs

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/