[U-Boot] [PATCH v2 4/4] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

Stefan Roese sr at denx.de
Fri May 15 10:44:45 CEST 2015


Hi Magnus,

On 15.05.2015 09:44, Magnus Lilja wrote:
> On 8 May 2015 at 09:52, Stefan Roese <sr at denx.de> wrote:
>> This patch adds the feature to only stop the autobooting, and therefore
>> boot into the U-Boot prompt, when the input string / password matches
>> a value that is encrypted via a SHA256 hash and saved in the environment.
>>
>> This feature is enabled by defining these config options:
>>       CONFIG_AUTOBOOT_KEYED
>>       CONFIG_AUTOBOOT_STOP_STR_SHA256
>>
>> Signed-off-by: Stefan Roese <sr at denx.de>
>> Cc: Simon Glass <sjg at chromium.org>
>> Cc: Magnus Lilja <lilja.magnus at gmail.com>
>> ---
>> v2:
>> - AUTOBOOT_STOP_STR_SHA256 is a string and not bool
>> - Add input key length check as suggested by Magnus
>> - Add "constant-length" time compare function as suggested
>>    by Magnus
>
> May I ask why you don't go all the way and use the salt mechanism
> instead of just hashing the password?

Because it's a customer requirement to implement it in this "simple" way.
Even though cracking will be easier than by using this salt mechanism. 
If someone needs this stronger encryption support at some time, I 
suggest to add it as an additional feature / option then.

Thanks,
Stefan
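
The trade-off discussed in this exchange, as an added example that is not part of the original message or of the U-Boot patch: a plain SHA-256 digest of a password is identical on every device that uses it, while a salted record is not, and both can be checked with a length limit and a constant-time compare. The function names, the `salt:digest` record format and `MAX_INPUT_LEN` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_INPUT_LEN = 64  # assumed cap on typed input (stands in for the length check)


def unsalted_digest(password):
    """Plain SHA-256 of the password: the 'simple' scheme from the thread."""
    return hashlib.sha256(password).hexdigest()


def salted_record(password, salt=None):
    """Return 'salt_hex:digest_hex'; a fresh random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    return salt.hex() + ":" + hashlib.sha256(salt + password).hexdigest()


def check_unsalted(typed, stored_hex):
    """Length check first, then a constant-time compare of the hex digests."""
    if len(typed) > MAX_INPUT_LEN:
        return False
    return hmac.compare_digest(unsalted_digest(typed), stored_hex)


def check_salted(typed, stored_record):
    """Recompute the digest with the stored salt and compare in constant time."""
    if len(typed) > MAX_INPUT_LEN:
        return False
    salt_hex, digest_hex = stored_record.split(":")
    candidate = hashlib.sha256(bytes.fromhex(salt_hex) + typed).hexdigest()
    return hmac.compare_digest(candidate, digest_hex)


def compare_two_devices(password):
    """Provision the same password on two devices under both schemes.

    Returns (unsalted_values_match, salted_values_match).
    """
    unsalted_a, unsalted_b = unsalted_digest(password), unsalted_digest(password)
    salted_a, salted_b = salted_record(password), salted_record(password)
    return unsalted_a == unsalted_b, salted_a == salted_b


if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    print(compare_two_devices(b"stop-autoboot"))
```

With the unsalted scheme, one precomputed digest list applies to every device that stores such a value; with per-device salts the stored values differ even for the same password.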


