u-boot/board
Pali Rohár 48f2c8a37f arm: mvebu: Espressobin: Disallow forwarding packets between wan and lan ports
By default the Topaz switch on the Espressobin board forwards packets between
all ethernet ports, including CPU (port 0), wan (port 1) and lan (ports 2,3).

This default U-Boot setup is unsuitable for using Espressobin as a router as
it opens a security hole by forwarding all packets between wan and lan ports.
E.g. dhcp packets from the wan network leak to the lan network during the
small time window until U-Boot boots the Linux kernel, which loads network
drivers which disallow forwarding between wan and lan.

This patch fixes the above problem. For the Espressobin board, prior to
putting the Topaz switch into forwarding mode, the Topaz switch is
reconfigured to allow forwarding packets from wan and lan ports only to the
CPU port. This ensures that packets from the wan port are not forwarded to
lan ports and vice-versa. Packets from the CPU port are still forwarded to
all other ports, so U-Boot network boot works with any ethernet port as before.

This problem was already discussed on the Espressobin forum [1] and on
Marvell's github issue tracker [2]. As a workaround, people on the
Espressobin forum patched U-Boot to completely disable lan ports on the Topaz
switch, which prevented forwarding packets. That workaround had an issue that
U-Boot was unable to netboot via lan ports anymore. The change in this patch
does not have such an issue.

This security issue has been discussed here as well: [3].

[1] - https://web.archive.org/web/20191231164238/http://espressobin.net/forums/topic/boot-behavior-of-the-switch-and-security/
[2] - https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/issues/18
[3] - https://forum.armbian.com/topic/12635-espressobin-uboot-security-concerns-switch-init-portmask/

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Andre Heider <a.heider@gmail.com>
2020-08-31 14:44:14 +02:00
abilis/tb100 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
advantech treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
alliedtelesis common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
altera ARM: socfpga: Add default FPGA bitstream fitImage for Arria10 SoCDK 2019-05-10 22:48:10 +02:00
amarula/vyasa-rk3288 common: Move serial functions out of common.h 2019-12-02 18:23:11 -05:00
amazon/kc1 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
amlogic boards: amlogic: add Odroid C4 support 2020-07-08 10:52:45 +02:00
AndesTech riscv: ae350: Use fdtdec_get_addr_size_auto_noparent to parse smc reg 2020-07-24 14:56:24 +08:00
Arcturus/ucp1020 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
aries/mcvevk arm: socfpga: Re-add support for Aries MCV SoM and MCVEV[KP] board 2019-05-14 19:52:39 +02:00
aristainetos command: Remove the cmd_tbl_t typedef 2020-05-18 18:36:55 -04:00
armadeus common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
armltd board: armltd: Add support for Total Compute platform 2020-08-24 14:11:31 -04:00
aspeed/evb_ast2500 SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
astro/mcf5373l common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
atmark-techno/armadillo-800eva common: Move reset_cpu() to the CPU header 2020-01-24 23:06:49 +05:30
atmel w1: Drop dm.h header file 2020-08-03 22:19:54 -04:00
avionic-design common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
bachmann/ot1200 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
barco treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
beacon ARM: rmobile: Add Beacon EmbeddedWorks RZG2M Dev Kit 2020-07-25 14:19:26 +02:00
beckhoff/mx53cx9020 common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
birdland/bav335x arm: Remove bav335x board 2020-07-09 20:58:05 +05:30
bitmain/antminer_s9 xilinx: Introduce board_late_init_xilinx() 2020-04-27 13:57:17 +02:00
bluegiga/apx4devkit treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
bluewater treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
bosch treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
boundary/nitrogen6x treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
broadcom board: ns3: add development keys used in FIT 2020-07-29 10:37:11 -04:00
bticino/mamoj common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
buffalo/lsxl common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
BuR Makefile: Rename ALL-y to INPUTS-y 2020-07-28 19:30:39 -06:00
BuS/eb_cpu5282 command: Remove the cmd_tbl_t typedef 2020-05-18 18:36:55 -04:00
cadence/xtfpga board_f: Factor out bdinfo bi_mem{start, size} to setup_bdinfo 2020-08-06 14:26:35 -04:00
calao/usb_a9263 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
CarMediaLab/flea3 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
cavium/thunderx treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
ccv/xpress treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
cei/cei-tk1-som SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
chipspark/popmetal_rk3288 common: Move some board functions out of common.h 2019-12-02 18:25:21 -05:00
cirrus/edb93xx treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
cloudengines/pogo_e02 common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
cobra5272 common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
compal/paz00 common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
compulab treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
comtrend SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
congatec treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
coreboot x86: Add a 64-bit 'coreboot64' build 2020-05-04 15:28:28 +08:00
corscience/tricorder treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
cortina common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
creative/xfi3 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
cssi treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
CZ.NIC treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
d-link/dns325 common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
davinci/da8xxevm treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
devboards/dbm-soc1 SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
dfi common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
dhelectronics ARM: dts: stm32: Update eth1addr from EEPROM if eth1 present 2020-08-13 09:56:44 +02:00
ea/mx7ulp_com arm: imx: Finish migration from CONFIG_SECURE_BOOT to CONFIG_IMX_HAB 2020-06-26 10:29:06 -04:00
ebv/socrates arm: socfpga: socrates: make rtc work 2019-04-25 00:00:49 +02:00
eets/pdu001 common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
efi common: Move some board functions out of common.h 2019-12-02 18:25:21 -05:00
egnite/ethernut5 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
el/el6x treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
elgin/elgin_rv1108 common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
embest/mx6boards treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
emulation arm: qemu: override flash accessors to use virtualizable instructions 2020-07-29 08:43:40 -04:00
engicam common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
esd treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
firefly rockchip: firefly-rk3288: Fix the code support for SPL_LED 2020-08-21 19:56:19 +08:00
freescale configs:ls1046afrwy: Add tfa secure boot defonfig 2020-07-27 14:23:57 +05:30
friendlyarm arm: add support for SoC s5p4418 (cpu) / nanopi2 board 2020-07-29 08:43:40 -04:00
gardena common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
gateworks/gw_ventana treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
gdsys treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
ge treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
geekbuying/geekbox rockchip: rk3368: Migrate to use common board file 2019-07-29 10:27:48 +08:00
google treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
grinn treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
hardkernel/odroid_go2 rockchip: board: add Hardkernel Odroid Go2 board 2020-07-22 20:21:23 +08:00
highbank treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
hisilicon treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
huawei/hg556a SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
ids/ids8313 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
imgtec Makefile: Rename ALL-y to INPUTS-y 2020-07-28 19:30:39 -06:00
intel Makefile: Rename ALL-y to INPUTS-y 2020-07-28 19:30:39 -06:00
inversepath/usbarmory treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
iomega/iconnect common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
is1 SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
isee treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
k+p common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
keymile board/km: update MAINTAINERS email 2020-07-17 10:47:19 -04:00
kmc/kzm9g treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
kobol/helios4 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
kosagi/novena treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
l+g/vinco treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
LaCie arm: kirkwood: enable DM_ETH for LaCie board 2020-07-09 06:51:20 +02:00
laird treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
lego/ev3 common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
lg/sniper treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
liebherr liebherr: Drop duplicate dm.h inclusion 2020-08-03 22:19:54 -04:00
logicpd treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
Marvell arm: mvebu: Espressobin: Disallow forwarding packets between wan and lan ports 2020-08-31 14:44:14 +02:00
maxbcm common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
mediatek board: mediatek: Add support for UniElec U7623 board 2020-07-29 08:43:40 -04:00
menlo/m53menlo treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
microchip common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
mikrotik/crs3xx-98dx3236 arm: mvebu: crs3xx-98dx3236: Add a maintainer 2020-08-06 14:12:14 +02:00
mini-box/picosam9g45 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
mpc8308_p1m treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
mqmaker/miqi_rk3288 rockchip: board: rk3288: remove board_boot_order() 2019-07-20 23:59:44 +08:00
mscc mscc: Drop dm.h header file 2020-08-03 22:19:54 -04:00
myir/mys_6ulx imx: Add MYiR Tech MYS-6ULX support 2020-08-03 17:03:57 +02:00
netgear common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
nokia/rx51 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
novtech/meerkat96 arm: imx: Finish migration from CONFIG_SECURE_BOOT to CONFIG_IMX_HAB 2020-06-26 10:29:06 -04:00
nvidia treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
olimex/mx23_olinuxino treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
opalkelly/zynq arm: zynq: Remove low level UART setting 2020-01-14 09:05:53 +01:00
phytec arm: imx6q: pcm058: Rework SPI NOR configuration 2020-08-03 17:03:57 +02:00
phytium/durian common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
pine64 rockchip: Add initial support for the Pinebook Pro laptop from Pine64. 2020-05-31 22:22:07 +08:00
ppcag/bg0900 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
qca common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
qemu-mips treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
qualcomm treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
radxa SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
raidsonic/ib62x0 common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
raspberrypi/rpi treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
renesas ARM: renesas: Drop unnecessary function ft_board_setup() 2020-08-25 05:41:09 +02:00
rockchip arm64: dts: rockchip: Add Radxa ROCK Pi 4C support 2020-07-22 20:55:13 +08:00
ronetix treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sagem/f@st1704 SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
samsung treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sandbox configs: sandbox: activate env in ext4 support 2020-07-31 10:13:00 -04:00
sandisk/sansa_fuze_plus treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sbc8349 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sbc8548 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sbc8641d treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
schulercontrol/sc_sps_1 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
Seagate common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
seco arm: mx6: Make all i.MX6 SoCs user-selectable 2020-08-25 10:26:14 +02:00
seeed/linkit-smart-7688 common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
sfr/nb4_ser SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
siemens treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sifive/fu540 riscv: sifive/fu540: Move SPL related functions to spl.c 2020-08-14 14:38:53 +08:00
sipeed/maix configs: defconfig for Sipeed Maix in S-mode 2020-08-25 09:33:54 +08:00
sks-kinkel/sksimx6 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
socrates treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
softing treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
solidrun treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
somlabs/visionsom-6ull ARM: imx: mx6ull: Add iMX6ULL VisionSOM SoM and EVK 2020-01-20 15:38:16 +01:00
spear treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
sr1500 common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
st board: stm32mp1: use const for struct node_info 2020-08-13 10:10:33 +02:00
ste/stemmy common: Drop init.h from common header 2020-05-18 17:33:33 -04:00
sunxi treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
Synology common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
synopsys common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
sysam common: Move testdram() into init.h 2020-01-24 23:06:49 +05:30
syteco/zmx25 common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
tbs/tbs2910 arm: mx6: Make all i.MX6 SoCs user-selectable 2020-08-25 10:26:14 +02:00
tcl/sl50 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
technexion pico-imx6ul: convert ethernet function to DM_ETH 2020-08-18 10:10:25 +02:00
technologic treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
terasic SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
theadorable treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
theobroma-systems rockchip: puma: drop special handling of usb host regulator 2020-06-07 18:57:16 +08:00
ti board: ti: j721e: Add support for HyperFlash detection 2020-08-11 20:34:46 +05:30
timll treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
topic/zynq board: topic-miami: Set FCLK1 to 150MHz 2020-06-24 13:11:08 +02:00
toradex colibri-imx7: fix splash logo drawing 2020-07-27 14:01:32 +02:00
tplink/wdr4300 common: Drop linux/bitops.h from common header 2020-05-18 21:19:23 -04:00
tqc arm: mx6: Make all i.MX6 SoCs user-selectable 2020-08-25 10:26:14 +02:00
udoo treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
vamrs/rock960_rk3399 rockchip: Remove ARCH= references from documentation 2020-06-02 17:27:04 -04:00
variscite/dart_6ul treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
varisys treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
ve8313 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
vocore/vocore2 mips: Add support for SoM "VoCore2". 2020-04-27 20:30:14 +02:00
vscom/baltos treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
wandboard treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
warp treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
warp7 treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
work-microwave/work_92105 common: Drop linux/delay.h from common header 2020-05-18 21:19:23 -04:00
xen/xenguest_arm64 MAINTAINERS: Add maintainers to XEN section 2020-08-24 14:11:31 -04:00
xes treewide: convert bd_t to struct bd_info by coccinelle 2020-07-17 09:30:13 -04:00
xilinx xilinx: common: Change bootm_size variable setting 2020-08-20 09:58:16 +02:00
zyxel/nsa310s common: Drop init.h from common header 2020-05-18 17:33:33 -04:00