[U-Boot] [PATCH v2 4/4] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

Magnus Lilja lilja.magnus at gmail.com
Fri May 15 09:44:18 CEST 2015


Hi Stefan,

On 8 May 2015 at 09:52, Stefan Roese <sr at denx.de> wrote:
> This patch adds the feature to only stop the autobooting, and therefor
> boot into the U-Boot prompt, when the input string / password matches
> a values that is encypted via a SHA256 hash and saved in the environment.
>
> This feature is enabled by defined these config options:
>      CONFIG_AUTOBOOT_KEYED
>      CONFIG_AUTOBOOT_STOP_STR_SHA256
>
> Signed-off-by: Stefan Roese <sr at denx.de>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Magnus Lilja <lilja.magnus at gmail.com>
> ---
> v2:
> - AUTOBOOT_STOP_STR_SHA256 is a string and not bool
> - Add input key length check as suggested by Magnus
> - Add "constant-length" time compare function as suggested
>   by Magnus

May I ask why you don't go all the way and use the salt mechanism
instead of just hashing the password?

Regards; Magnus


More information about the U-Boot mailing list