[Gnuk-users] STM32 write protection option bytes

NIIBE Yutaka gniibe at fsij.org
Tue Sep 1 00:26:32 UTC 2015


Thank you for the idea and suggestion.

On 09/01/2015 07:05 AM, Mateusz Zalega wrote:
> do you think it's worth the hassle to enable write protection on pages
> that are supposed to be read-only in order to increase overall security?
> 
> gnuk.ld would need to be modified to align those to 2kb boundaries and a
> method to generate a write protection map would need to be implemented,
> but it seems entirely doable.

What kinds of threats do you imagine?  A vulnerability which results in
arbitrary code change?  Given such a vulnerability, it would also be
possible to change the protection itself...

I understand the claim that it will increase "security", but, for this
particular way to "protect" code, I don't think it's worth a try.
There are many other methods we can try to achieve a similar effect in
a different way (I mean: code audit, static analysis, etc.).  And
introducing this "protection" would be more complicated if we want to
keep the feature of firmware upgrade.

Instead, it would be worth considering storing a checksum of the code
and checking it at runtime.
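
An added illustration of the checksum idea in the last paragraph of the message above, not code from Gnuk or from the post's author: a CRC-32 is stored as a trailer after the code and recomputed at runtime. The trailer layout, the function names and the 2 KB sample buffer standing in for a flash page are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
uint32_t crc32_calc(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Build-time step (hypothetical layout): append the CRC of the first
   code_len bytes as a 4-byte little-endian trailer. */
void image_seal(uint8_t *image, size_t code_len)
{
    uint32_t c = crc32_calc(image, code_len);
    for (int i = 0; i < 4; i++)
        image[code_len + i] = (uint8_t)(c >> (8 * i));
}

/* Runtime step: recompute over the code and compare with the trailer.
   Returns 1 if intact, 0 if modified or too short to hold a trailer. */
int image_verify(const uint8_t *image, size_t total_len)
{
    if (total_len < 4)
        return 0;
    size_t code_len = total_len - 4;
    uint32_t stored = 0;
    for (int i = 0; i < 4; i++)
        stored |= (uint32_t)image[code_len + i] << (8 * i);
    return crc32_calc(image, code_len) == stored;
}

/* Constructed sample: seal a 2 KB buffer, then flip one bit of "code". */
int selftest_tamper_detected(void)
{
    static uint8_t page[2048];
    for (size_t i = 0; i < sizeof page - 4; i++)
        page[i] = (uint8_t)(i * 31u + 7u);
    image_seal(page, sizeof page - 4);
    int ok_before = image_verify(page, sizeof page);
    page[100] ^= 0x01;
    int ok_after = image_verify(page, sizeof page);
    return ok_before == 1 && ok_after == 0;
}

int main(void) { return selftest_tamper_detected() ? 0 : 1; }
```

A check of this kind detects code that has been changed in flash; code that can rewrite the trailer as well can make the comparison pass, which is the same limit the message notes for the write protection bits.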