<Guest4494>
Is there a way to set write-protect on the BBB's eMMC by, say, grounding a GPIO pin?
<Guest4494>
My goal is to require adding/removing a jumper or changing a dip switch in order to write to the eMMC.
<Guest4494>
I've tried googling for this, but am coming up empty.
ikarso has quit [Quit: Connection closed for inactivity]
balrog has quit [Quit: Bye]
balrog has joined #beagle
vagrantc has joined #beagle
otisolsen70 has quit [Quit: Leaving]
<zmatt>
Guest4494: not really no, the closest you could get to that is by having the bootloader check a gpio and based on that apply "until next power-on" write-protection
<zmatt>
(caveat: iirc the eMMC treats the hardware reset signal the same as a power-cycle which would open up a vulnerability, however you can permanently disable the function of the reset pin via one of the OTP settings of the eMMC)
<Guest4494>
zmatt, any other way to do a hardware-based write protect?
<Guest4494>
I'm trying to prevent any changes being made from remote sources. If someone has physical control of the board, that doesn't matter, will actually be necessary for physical access to be able to control it.
<zmatt>
well the approach I just mentioned would work for that, since it would run before any remote access is possible, it can't be undone by software (only by hardware reset), and the bootloader itself would be covered by the write-protection, so the only way to bypass it is if the bootloader chooses to skip applying the write-protection (e.g. based on a gpio) or if you bypass the bootloader (e.g. using a ...
<zmatt>
...bootable sd card and the S2 button)
<zmatt>
alternatively, if your eMMC is sufficiently recent there's also an option to protect certain things using a secret key but I'd need to look it up if you want more details
<Guest4494>
Ok, sounds like that would be satisfactory. So, I need to go explore u-boot about reading gpios and setting write-protect, it sounds like.
<Guest4494>
I don't think the key route will be necessary in our case. (ponders...)
<zmatt>
you wouldn't even need to do a gpio-check if you use the bootloader bypass as the way to disable write protection
<Guest4494>
Oh, right. Just set u-boot to always set write-protect on, and when we need to write, e.g., updates, it has to be done from an SD card.
<zmatt>
or at least use a bootloader on SD card (one that doesn't apply write-protection obviously)
<Guest4494>
Oh, the key idea just clicked. Did you mean needing a secret key to even access writing the eMMC?
<Guest4494>
even if booting from an SD card?
<zmatt>
it would be slightly more indirect, the key is used to be able to change certain protection settings of the eMMC
<zmatt>
like I said, if you want details on that I'd need to check myself
<zmatt>
the write-protection options of eMMC are a rather messy patchwork of options, the result of its evolution over time
<Guest4494>
Yes, I would like details. FYI, we're using BBB rev C boards for development but ultimately this will be on the BB industrial, aka BB red, if that matters.
<Guest4494>
Where are those options documented? Somewhere on the BB website?
<zmatt>
eMMC specifications :P
<zmatt>
the board itself isn't really important, what matters is which eMMC chip is on it (which has changed over time as older eMMC becomes unavailable and gets replaced by newer ones)
brook has quit [Remote host closed the connection]
<Guest4494>
On the one in my hand here the chip says EMMC04G-M627. And there are some other numbers above and below that.
<zmatt>
yeah, Kingston EMMC04G-M627 ... that's the latest one afaik
brook has joined #beagle
<zmatt>
implements eMMC 5.1
brook has quit [Ping timeout: 276 seconds]
<Guest4494>
Hmm. Kingston's datasheet is a bit skimpy. And it doesn't even list the M627, just the W627 for industrial (wider temp range) and the MK27 for non-industrial.
<zmatt>
sometimes you don't find a datasheet at all, or if you do it's a completely useless one that basically just copy-pasted some stuff from the eMMC spec instead of providing useful info about the specific eMMC device (such as performance)
<Guest4494>
Yeah, Digi-Key and Mouser have the same near-worthless datasheet.
<Guest4494>
Anyway, you've given me a good starting point to research and enough of a solution for now. Thanks for the help zmatt.
<zmatt>
the eMMC spec is also very messy and hard to understand, I think it's in dire need of a good editor instead of just letting manufacturers tack stuff onto the end
<zmatt>
and many of the settings are one-time-programmable which is not exactly inviting to experimentation
Guest4494 has quit [Quit: Client closed]
brook has joined #beagle
set_ has quit [Remote host closed the connection]
brook has quit [Remote host closed the connection]