Closed bobjacobsen closed 2 weeks ago
The particular problem here is that accessing "all memory" is a major security and safety issue for any production device. While it is very well defined what "all memory" means for a 32-bit processor / SoC, giving access to it externally brings absolutely no value to the user, but makes it possible to do great damage:
I support the new wording. I would put a comma after the first parenthesized subclause.
I don't actually think having "all memory" as 0xFE in this list is very productive. Maybe we should remove it. I don't really have a suggestion on what else we should put there, so maybe this is not urgent.
0xFE "all memory" could be of use to nodes on a private bus, say for development, where the owner does want to change any part of memory. I guess the counter to that is: if that use-case is required, it can be assigned any unused address-space.
David
On Tue, Feb 13, 2024 at 2:06 PM Balazs Racz @.***> wrote:
The particular problem here is that accessing "all memory" is a major security and safety issue for any production device. While it is very well defined what "all memory" means for a 32-bit processor / SoC, giving access to it externally brings absolutely no value to the user, but makes it possible to do great damage:
- Accessing memory mapped peripherals can cause malfunctions, including defeating safety-relevant features of the product such a short circuit protection. Ultimately this is a fire risk.
- Accessing code space allows theft of IP, and producing counterfeit products with very little engineering effort.
- Accessing "all memory" can be used to extract cryptographic keys that were shipped with the product.
I support the new wording. I would put a comma after the first parenthesized subclause.
I don't actually think having "all memory" as 0xFE in this list is very productive. Maybe we should remove it. I don't really have a suggestion on what else we should put there, so maybe this is not urgent.
— Reply to this email directly, view it on GitHub https://github.com/openlcb/documents/issues/98#issuecomment-1942720097, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAEDQSVQRSIF6YHLUO2WH6TYTPPXFAVCNFSM6AAAAABDHHSNMKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBSG4ZDAMBZG4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>
I understand that this "sounds cool" and there is a "whynot" effect, but... has anybody ever actually done that? I mean do debugging with remote memory access via openlcb?
I have developed quite a few things via openlcb, and I debugged a lot. I find that if I have to debug something, I will use the tools that were designed to do that. They connect to the processor using dedicated ports (e.g. jtag/swd), and they have all the tools setup for this communication and interaction (e.g. gdb).
Doing debugging without the actual debug tools is really really miserable.
Section 4.2 of the Memory Configuration Standard says in relevant part:
Several types of node now in the field respond to a Get Address Space Information Command (section 4.15) for space 0xFE with Address Space Not Present.
I think the language in the Standard is ambiguous here. It says both "are required to be implemented" on one hand, and 'these may or may not have content on a particular node" and "if the corresponding information is available" on the other.
I would prefer that this be reworded to remove the "are required" clause: