
Hi Wolfgang,
On 02/10/2012 10:38 PM, Wolfgang Denk wrote:
Dear Graeme Russ,
In message CALButCLT2o=7QO4GbM0M5Tp3BYXPCpqr7Sx6WYH09JKcUdMFSA@mail.gmail.com you wrote:
As an adjunct to a recent discussion, I wonder if there would be much point in password protecting access to the U-Boot command line. The password could be saved in an environment variable as an MD-5 or SHA-256 hash.
We already have such protection, even if it's very simplistic: see doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey").
OK, so the thought of protecting the shell with a password has already happened... But the implementation is to hard-code the password in the U-Boot image or to have it unencrypted in the environment.
I think we can agree that there is room for improvement :)
But I wonder if:
a) It's worth it, and;
b) If it would be secure anyway...
When U-Boot environment editing tools are available in the host OS, it would be fairly trivial to overwrite the password variable - unless, of course, the host OS did not support that functionality.
This feature may be useful for devices where every part of the system must be tightly controlled (medical devices, voting machines, etc.).
Well, in such devices you will typically disable interactive access at all.
Yes, but if you don't allow setting of environment variables from the host OS, how can you change the settings if you need to?
Sounds like it's not a 'completely ruled out' idea...
Regards,
Graeme