
Dear Frans,
In message CACW_hTY7sv6q+Y9+ojkg2PNJ4GRt0rwKHAHzaSb2SGxYHrioRQ@mail.gmail.com you wrote:
If you want security, then don't allow access to U-Boot at all, and run an OS. There you can do fancy things, including password protection.
> The issue is mainly that we would like a service engineer to upgrade if for some reason the OS goes into a non-recoverable fault, without an operator accidentally (or on purpose) bumping into it.
This is a perfectly reasonable requirement. But it needs to be designed in, by providing things like fall back to a previous version, or to a recovery configuration. U-Boot supports all this, you just have to use it.
Passwords are not a tool that would help here.
Do you realize that you are already talking about how to maintain this "security" level in Linux? Then also implement it there! That's where such stuff belongs.
> Probably yes. My concern is mostly about being able to repair systems where something is broken and the kernel does not come up as desired but also does not crash and bring us back to U-Boot (like what happens if a CRC is faulty).
> What Mike suggests in a subsequent message, of using a more or less secret key, is probably already enough for us.
No. What you are looking for is a reliable recovery for a failed software update or an otherwise corrupted system. That's a completely different topic - but it's standard technology, and nothing to worry about.
Best regards,
Wolfgang Denk
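As an added illustration of the fallback mechanism Wolfgang refers to (this is example configuration written for this page, not code from the thread or from the U-Boot tree), below is a two-slot environment built on U-Boot's boot counter. It assumes U-Boot was built with CONFIG_BOOTCOUNT_LIMIT and a boot-counter backend; the partition numbers, load address, file name and variable names (slot_cur, slot_alt, boot_a, boot_b, tmp) are placeholders chosen for the example.

```uboot
# Added example; assumes CONFIG_BOOTCOUNT_LIMIT, two root partitions
# (mmc 0:2 = slot a, mmc 0:3 = slot b) and a FIT image at /boot/fitImage
# on each. Partition numbers, addresses and names are placeholders.

# U-Boot increments bootcount on every start; once it exceeds bootlimit,
# autoboot runs altbootcmd instead of bootcmd. This covers the case where
# the kernel starts but never reaches a healthy userspace.
bootlimit=3

# Which slot is current. The upgrader flips these from Linux after
# writing the other slot; the recovery path flips them back.
slot_cur=a
slot_alt=b

loadaddr=0x82000000
boot_a=setenv bootargs root=/dev/mmcblk0p2 rootwait; ext4load mmc 0:2 ${loadaddr} /boot/fitImage && bootm ${loadaddr}
boot_b=setenv bootargs root=/dev/mmcblk0p3 rootwait; ext4load mmc 0:3 ${loadaddr} /boot/fitImage && bootm ${loadaddr}

# Normal path. A missing image, or a FIT whose hash/signature check fails
# inside bootm, does not jump to the kernel; the command returns and the
# board reboots via its watchdog (or drops to the prompt without one).
bootcmd=run boot_${slot_cur}

# Fallback after bootlimit failed attempts: make the other slot current,
# persist that choice, then boot it.
altbootcmd=setenv tmp ${slot_cur}; setenv slot_cur ${slot_alt}; setenv slot_alt ${tmp}; saveenv; run bootcmd
```

The counter is only reset by a system that has proven itself healthy: after the new slot has booted and passed its own checks, userspace clears it (with the environment-backed counter, `fw_setenv bootcount 0` from u-boot-tools; that backend also only persists the count while `upgrade_available` is set to 1, so the upgrader sets it before rebooting into the new slot and clears it afterwards). Other counter backends have their own reset path. A hardware watchdog is what turns a kernel that hangs without crashing into another counted boot attempt.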