[U-Boot] Disable command at runtime

Wolfgang Denk wd at denx.de
Mon Aug 1 22:05:00 CEST 2016


Dear Petr,

In message <9c257c71-97b6-a83e-3d9d-e3a8459fc080 at elnico.cz> you wrote:
> 
> Anyway, at least a user feedback / feature request... I believe it would 
> be useful for many users to have a manufacturing mode, which they would 
> escape permanently by e.g. executing some command. In normal mode, some 
> commands would be disabled. Logic would be similar to 
> CONFIG_OVERWRITE_ETHADDR_ONCE.

How could that ever be "safe" - in the sense of protecting against an
attacker?  How could you perform such a "switch" between modes?  By
setting some bit somewhere.  And it has to be in some persistent
storage.  And the source code of your image is available to the
public.  What should prevent an attacker from undoing your bit
setting and switching back to "full" mode?

U-Boot is a boot loader, not a high security environment.  If you
grant somebody access to the U-Boot command line interface, he owns
the system.  If not directly, then by just pulling a few simple tricks.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
If it went on at this rate, in several billion  years  he'd  be  rich
beyond his wildest dreams!            - Terry Pratchett, _Soul Music_
