
Hi Guys,
My 2c worth...
The thought of applying ASLR to improve security is pointless unless you have identified a reason to do so. You can't just apply a security hardening technique willy-nilly and expect your security to improve. The security of a system is equal to the weakest link and no amount of strengthening the other links will improve security.
Remember, U-Boot is a boot-loader. It is very transitory. Think about how an attacker could exploit U-Boot (Hint: 10s after booting, they can't)
Network: Hit it with IP packets - But U-Boot only activates network code on an as-needed basis (typically when someone runs a net command like tftp etc) so you already have U-Boot shell access anyway
Serial: Buffer overruns on commands - U-Boot will crash and the board reboots and again, you probably already had/have shell access
So it starts to boil down to protecting access to the shell - Access to the shell opens up all sorts of possibilities such as changing environment variables (including scripts) up to completely replacing the U-Boot image
So my thought would be, if you want to improve U-Boot security, perhaps implement password protection on the shell
Regards,
Graeme