[U-Boot] Password protection of U-Boot command line
Wolfgang Denk
wd at denx.de
Fri Feb 10 12:38:38 CET 2012
Dear Graeme Russ,
In message <CALButCLT2o=7QO4GbM0M5Tp3BYXPCpqr7Sx6WYH09JKcUdMFSA at mail.gmail.com> you wrote:
>
> As an adjunct to a recent discussion, I wonder if there would be much
> point in password protecting access to the U-Boot command line. The
> password could be saved in an environment variable as an MD-5 or SHA-256
> hash.
We already have such protection, even if it's very simplistic: see
doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR,
CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey").
> But I wonder if:
>
> a) It's worth it, and;
> b) If it would be secure anyway...
>
> When U-Boot environment editing tools available in the host OS, it would
> be fairly trivial to overwrite the password variable - Unless, of course,
> the host OS did not support that functionality.
>
> This feature may be usefull for devices where every part of the system
> must be tightly controlled (medical devices, voting machines etc)
Well, in such devices you will typically disable interactive access at
all.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Extended Epstein-Heisenberg Principle: In an R & D orbit, only 2 of
the existing 3 parameters can be defined simultaneously. The parame-
ters are: task, time and resources ($).
More information about the U-Boot
mailing list