[U-Boot] Password protection of U-Boot command line

Mike Frysinger vapier at gentoo.org
Fri Feb 10 21:37:54 CET 2012


On Friday 10 February 2012 15:29:05 Mike Frysinger wrote:
> On Friday 10 February 2012 09:12:10 Frans Meulenbroeks wrote:
> > E.g. if you deliver boards/systems with u-boot on it and you do not
> > want customers to enter u-boot (e.g. by accident or because they want
> > to hack the board), but you would allow authorized service personnel
> > to access the board.
> 
> i've seen people in the past ship their boards with u-boot defaulting to
> silent mode and the autostop key set to a ctrl sequence.  that addresses
> pretty much addresses this.

blah, i need to stop inline editing sentences.  "that pretty much addresses 
the needs here".

if you're concerned about people attacking the system, you need to be 
realistic and lay out exactly what you want to protect and why/how.  the best 
example in the embedded world i've seen of this so far is the ARM TrustZone 
whitepaper.  they're realistic and up front with what TrustZone does and does 
not protect against.

waving your hands around and saying "doing XXX is more secure and therefore we 
should do it" is theater.  i'm not against passwords or ASLR or anything else 
in u-boot, but like Wolfgang said, let's see the realistic plan.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20120210/b6be31c4/attachment.pgp>


More information about the U-Boot mailing list