
Dear Frans,
In message CACW_hTYv179qWbQUiuv_qQbE_bLy9b_H-qpZSbcjkPio9-2yzg@mail.gmail.com you wrote:
> Graeme, if you want to keep people outside the bootloader in a reasonably safe way and are developing your own hardware an option is to put the password in e.g. an eeprom and do a compare in u-boot. Of course a persistent hacker could retrieve the password but a casual user will not be able to enter.

For a "casual user" the existing CONFIG_AUTOBOOT_KEYED feature is usually sufficient.

A "persistent hacker" will not be kept out in either of these ways if he has access to the U-Boot command line. If needed, he will install or otherwise run code that skips these steps.

> Having the password in eeprom means that it is not disclosed with the code, it can be changed etc. Just make sure users do not have easy (sw) access to the device the password resides in, so e.g. disable access one way or another.

You will still publish the code that implements these restrictions, so guess how difficult it is to work around it?

> One other way to prevent accidental access would be a jumper. If present no access to u-boot possible at all, if not present access is possible. And some stuff on it to view if it is tampered with. (if the jumper raises or lowers a gpio device on an i2c chip this can be easily detected in a u-boot script and depending on that action could be taken).

None of this is actually adding any kind of "security" or "protection" to a device.
Best regards,
Wolfgang Denk