[U-Boot] Password protection of U-Boot command line
Frans Meulenbroeks
fransmeulenbroeks at gmail.com
Fri Feb 10 15:12:10 CET 2012
Generally speaking there is a use case for a password.
E.g. if you deliver boards/systems with u-boot on it and you do not
want customers to enter u-boot (e.g. by accident or because they want
to hack the board), but you would allow authorized service personnel
to access the board.
For this case a secret password in the image would probably suffice
(guess it might help to have it encrypted in flash or store a hash or
so.
Of course is the password leaks the security is gone.
A password in env is more hackable. It would at least require no
access from the kernel to the section the env is in (so no userspace
tools and no /dev/mtd0 mapping to the whole flash).
Yet another alternative (probably solution specific, is to store the
passwd in a separate eeprom or so and make sure it is not accessible
from the kernel (not always trivial)).
Frans.
More information about the U-Boot
mailing list