
Dear Graeme Russ,
In message 4F3505F8.1070504@gmail.com you wrote:
> > We already have such protection, even if it's very simplistic: see doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey").
> OK, so the thought of protecting the shell with a password has already happened... But the implementation is to hard-code the password in the U-Boot image or to have it unencrypted in the environment.
It depends on the purpose. Here the goal was more to prevent unintentional interruption of the boot sequence by arbitrary line noise, for example when the serial console port is connected to a modem ...
> I think we can agree that there is room for improvement :)
Always, and everywhere.
> Yes, but if you don't allow setting of environment variables from the host OS, how can you change the settings if you need to?
It depends on which interfaces you want to provide and how secure your system must be.
If you provide some user interface which only allows changing a well-defined set of variables (say, through some GUI, or web based), then you can have both the "change settings" and the "be secure" parts.
If someone has low-level access to the board he can probably always do everything, it's just a matter of how easy it is.
> Sounds like it's not a 'completely ruled out' idea...
Not exactly ruled out. It's more a question of how much effort versus how much benefit.
Best regards,
Wolfgang Denk
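A small model of the keyed autoboot check the thread refers to (bootstopkey / bootdelaykey): the countdown is only abandoned when the exact stop string arrives on the console, so arbitrary line noise from a modem does not drop the board into the shell. This is an added illustration, not U-Boot's own code; the function name, the simplified "delay" semantics and the sample input streams are constructed here.

```python
# Model of the keyed autoboot stop discussed above (added example, not U-Boot code).
# Instead of aborting on any keypress, the boot delay is only aborted when the
# serial input contains an exact, configured string.  The strings themselves live
# in plaintext (hard-coded or in the environment), which is the weakness raised
# in the thread: anyone who can read the environment learns the "password".

def check_autoboot_keys(serial_input, stop_str, delay_str=None):
    """Scan characters received during the boot delay and decide the outcome.

    Returns one of:
      "stop"  - the stop string was seen: abort autoboot, enter the shell
      "delay" - only the delay string was seen: keep the countdown open
                (simplified assumption for this model)
      "boot"  - neither matched: autoboot proceeds despite any noise
    Each string is matched with its own sliding window over the stream, so the
    match works even when noise bytes precede or surround the string.
    """
    if not stop_str:
        raise ValueError("a non-empty stop string is required")
    targets = {"stop": stop_str, "delay": delay_str or ""}
    windows = {name: "" for name in targets}
    delay_seen = False
    for ch in serial_input:
        for name, target in targets.items():
            if not target:
                continue
            # keep only the last len(target) characters received
            windows[name] = (windows[name] + ch)[-len(target):]
            if windows[name] == target:
                if name == "stop":
                    return "stop"
                delay_seen = True
    return "delay" if delay_seen else "boot"


if __name__ == "__main__":
    # Constructed sample streams: what a noisy modem line might emit, and the
    # same noise followed by the configured stop string.
    NOISE = "\x00\xff~~\x7f"
    print(check_autoboot_keys(NOISE, stop_str="s3cret"))              # boot
    print(check_autoboot_keys(NOISE + "s3cret\n", stop_str="s3cret"))  # stop
    print(check_autoboot_keys("wait\x00", "s3cret", delay_str="wait"))  # delay
```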