btashton commented on issue #3011: URL: https://github.com/apache/incubator-nuttx/issues/3011#issuecomment-794930698
I think one of the biggest reasons that I don't see this as a big deal is that I see the nsh shell as very similar to the uboot shell. The uboot shell offers these all by default. While you certainly can try to offer the shell and lock down firmware access, you have given up a lot at that point. You really should be looking at using a MPU to provide the extra isolation as Greg mentioned but that does not exist for many of these chips. https://www.denx.de/wiki/U-Bootdoc/BasicCommandSet These days I think most people focus on things like firmware signing for integrity over trying to prevent dumping. There are very few chips that cannot be dumped these days, even many of the ones that support encrypted firmware have had that broken. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
