[U-Boot] Password protection of U-Boot command line

Frans Meulenbroeks fransmeulenbroeks at gmail.com
Fri Feb 10 15:12:10 CET 2012


Generally speaking there is a use case for a password.

E.g. if you deliver boards/systems with u-boot on it and you do not
want customers to enter u-boot (e.g. by accident or because they want
to hack the board), but you would allow authorized service personnel
to access the board.

For this case a secret password in the image would probably suffice
(guess it might help to have it encrypted in flash or store a hash or
so.
Of course is the password leaks the security is gone.

A password in env is more hackable. It would at least require no
access from the kernel to the section the env is in (so no userspace
tools and no /dev/mtd0 mapping to the whole flash).

Yet another alternative (probably solution specific, is to store the
passwd in a separate eeprom or so and make sure it is not accessible
from the kernel (not always trivial)).

Frans.


More information about the U-Boot mailing list