[U-Boot-Users] Re: [PATCH] ARTOS boot support for u-boot

Wolfgang Denk wd at denx.de
Fri Apr 18 13:25:10 CEST 2003


In message <3E9FD3EE.4090402 at intracom.gr> you wrote:
> 
> The two level security is probably overkill, but a single
> level is necessary in my application.

This is already avaiulable right now - it's a config option. You  can
configure  U-Boot  such that you need to know the password to be able
to interrupt the autoboot procedure.

> >Don't allow any access to the U-Boot user interface, then. Run  a  OS
> >on  top  of  it, and implement a web interface or something like that
> >where the user actions can be controlled on a higher level.
> >
> Unfortunately the administrator or the support technicians need this access
> sometimes for troubleshooting, when the web interface is not available
> because of faulty network settings, or some network topology change.

Then give your administrators as much trainung and  documentation  as
is  necessary  to understand what they are doing, and to recover from
bad settings. For example, you can provide a script image which  sets
the  default  parameters,  and instruct your admins to "run defaults"
when necessary. This "default settings script image" can even be made
board-specific (if you use some automated mechanism to generate it).

There are so many options available right now - don;t  implement  new
stuff when just combining existing solutions is sufficient.

> >This has been available since long time ago. See "doc/README.autoboot".
> >
> I see nothing there about a password, and I'm aware of the autoboot feature.

Read the description  for  the  CONFIG_AUTOBOOT_KEYED  config  option
combined  with the CONFIG_AUTOBOOT_DELAY_STR config option and/or the
bootdelaykey environment variable.

They name might be a bit strange, but bootdelaykey == password.

> The passwords will be stored encrypted.
> 
> There will be no master passwords. If the password is lost
> a button pressed during the boot sequence, or a key sequence will
> reset the device state to that after it left the factory.
> It is then up to the administrator to restore the device to
> functional status.

If you have this reset option, then what's the problem at all with  a
dumb  admin  messing  with  the  settings? Let him reset the box, and
restore it to functional status.?


> At a site the passwords are the same for each device. It's not
> like each device will have it's own different password.

Sounds like "security by obscurity" to me.

> I don't intent to do that. I am not striving for maximum security,
> just a way to prevent non determined people of messing with their device
> out of boredom.

Then enable CONFIG_AUTOBOOT_KEYED in your consiguration (means add  a
simple  password  protection), and that's all. This will prevent most
things at low (zero) cost.

> Site security is a problem for the resident BOFH.
> I just have to provide him/her with the tools to do their job.

Keep it simple, though.

Best regards,

Wolfgang Denk

-- 
Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-4596-87  Fax: (+49)-8142-4596-88  Email: wd at denx.de
"Deliver yesterday, code today, think tomorrow."




More information about the U-Boot mailing list