[U-Boot] Password protection of U-Boot command line
Mike Frysinger
vapier at gentoo.org
Fri Feb 10 21:37:54 CET 2012
On Friday 10 February 2012 15:29:05 Mike Frysinger wrote:
> On Friday 10 February 2012 09:12:10 Frans Meulenbroeks wrote:
> > E.g. if you deliver boards/systems with u-boot on it and you do not
> > want customers to enter u-boot (e.g. by accident or because they want
> > to hack the board), but you would allow authorized service personnel
> > to access the board.
>
> i've seen people in the past ship their boards with u-boot defaulting to
> silent mode and the autostop key set to a ctrl sequence. that addresses
> pretty much addresses this.
blah, i need to stop inline editing sentences. "that pretty much addresses
the needs here".
if you're concerned about people attacking the system, you need to be
realistic and lay out exactly what you want to protect and why/how. the best
example in the embedded world i've seen of this so far is the ARM TrustZone
whitepaper. they're realistic and up front with what TrustZone does and does
not protect against.
waving your hands around and saying "doing XXX is more secure and therefore we
should do it" is theater. i'm not against passwords or ASLR or anything else
in u-boot, but like Wolfgang said, let's see the realistic plan.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20120210/b6be31c4/attachment.pgp>
More information about the U-Boot
mailing list