[U-Boot] Password protection of U-Boot command line

Sat Feb 11 01:44:13 CET 2012

Dear Frans,

In message <CACW_hTY7sv6q+Y9+ojkg2PNJ4GRt0rwKHAHzaSb2SGxYHrioRQ at mail.gmail.com> you wrote:
>
> > If you want security, then don;t allow access to U-Boot at all, and
> > run an OS.  There you can do fancy things, including password
> > protection.
> 
> The issue is mainly that we would like a service engineer to upgrade
> if for some reason the os goes into a not recoverable fault, without
> an operator accidently (or on purpose) bumping into it

This is a perfectly reasonable requirement. But it needs to be
designed in, but providing things like fall back to a previous
version, or to a recovery configuration.  U-Boot supports allthis, you
just have to use it.

Passwords are not a tool that would help here.

> > Do you realize that you are already talking how to maintain this
> > "security" level in Linux?  Then also implement it there!  That's
> > where such stuff belongs to.
> >
> probably yes. my concern is mostly about being able to repair systems
> where something is broken and the kernel does not come up as desired
> but also does not crash and bring us back to u-boot (like what happens
> if a crc is faulty).
> 
> What Mike suggests in a subsequent message of using is more or less
> secret key is probably already enough for us.

No.  What you are looking for is a reliable recovery for a failed
software update or an otherwise corrupted system. That's a completely
different topic - but it's standard techology, and nothing to worry
about.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
COBOL is for morons.                                 -- E.W. Dijkstra