nix7965 edited a comment on issue #3011:
URL:
https://github.com/apache/incubator-nuttx/issues/3011#issuecomment-797603358
I would suggest we may need to disable "mw"-like commands as @patacongo
mentioned at default because it does not look like such useful....
Also, I have the following opinions.
1. I think "firmware extraction permission" != "NSH access".
If there was no "mw" command, firmware extraction is not possible.
Meanwhile @btashton said that STM32F4's readout protection is very broken (I
assume you mean we can disable STM32F4's readout **without any problem such as
no original firmware erasure**).
But, I remember there is no practical way to do that.... Sorry for my
ignorance. Could you tell me how to do that?
Even if that is really very broken, that does not mean we should not protect
against this vulnerability.
Because this can happen on other "unbroken" boards, I think we should make
it more secure.
Again, NSH access itself is not firmware extraction permission.
Additionally, if applications running on NSH are properly implemented, NSH may
not cause serious security issues IMO.
2. Second, @patacongo mentioned PROTECTED mode. But, I think NuttX is open
source. Therefore, I guess what the vendors really protect is their
**"application code from the firmware extraction"**. In that case, I guess "mw"
commands work for "application code". If my understanding is correct, please
let me know. That's good to learn.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
