Hi,
On 29 July 2016 at 07:31, Tom Rini trini@konsulko.com wrote:
On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote:
Hello,
I wonder whether it is possible to dynamically enable/disable a command. Since u-boot does not provide any secure authentication method, it is dangerous to keep some commands available to a potential hacker. E.g. the "fuse" command. On the other hand, I need these commands during the manufacturing process. So my idea is to enable/disable the commands dynamically based on some obscure logic. Is there a way to do it without need to deeply hack the code?
Well, there's a few ways to do this. The first way would simply be to install a different build of U-Boot onto the board than the one used during flashing as part of the manufacturing process.
Also see cli_process_fdt() which allows you to lock out commands using a device-tree setting. This avoids changing the U-Boot binary - it is easy enough to update the device tree using fdtput. This is how Chrome OS did it.
Regards, Simon