Hi Simon,
Also see cli_process_fdt() which allows you to lock out commands using
a device-tree setting. This avoids changing the U-Boot binary - it is
easy enough to update the device tree using fdtput. This is how Chrome
OS did it.
Hmm, interesting approach. Thanks for your suggestion.
Petr
_
Hi,
On 29 July 2016 at 07:31, Tom Rini wrote:
> On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote:
>
>> Hello,
>>
>> I wonder whether it is possible to dynamically enable/disable a command.
>> Since u-boot does not provide any secure authentication method, it is
>> dangerous to keep s
Dear Petr,
In message <201343a2-69c2-6c3e-442b-a228190a8...@elnico.cz> you wrote:
>
> > attacker? How could you perform such a "switch" between modes? By
> > setting some bit somewhere. And it has to be in some persistent
> > storage. And the source code of your image is available to the
> >
Dear Wolfgang,
On 08/01/2016 10:05 PM, Wolfgang Denk wrote:
How could that ever be "safe" - in the sense of protecting against an
attacker? How could you perform such a "switch" between modes? By
setting some bit somewhere. And it has to be in some persistent
storage. And the source code of
Dear ladis,
Thanks for your comment, I didn't really know about the standalone
applications mechanism, it might surely be useful.
Best Regards,
Petr
On 08/01/2016 10:38 PM, Ladislav Michl wrote:
You can still download U-Boot standalone application implementing whatever
you need to do in pro
On Fri, Jul 29, 2016 at 05:57:58PM +0200, Petr Kubiz??ák wrote:
> Ok, I get it, then I'll have to deal with two defconfigs and reflashing for
> now.
>
> Anyway, at least a user feedback / feature request... I believe it would be
> useful for many users to have a manufacturing mode, which they woul
Dear Petr,
In message <9c257c71-97b6-a83e-3d9d-e3a8459fc...@elnico.cz> you wrote:
>
> Anyway, at least a user feedback / feature request... I believe it would
> be useful for many users to have a manufacturing mode, which they would
> escape permanently by e.g. executing some command. In normal
Dear Petr,
In message <1f085e1d-378c-5f29-2f35-988b8d110...@elnico.cz> you wrote:
>
> I wonder whether it is possible to dynamically enable/disable a command.
> Since u-boot does not provide any secure authentication method, it is
> dangerous to keep some commands available to a potential hacke
Ok, I get it, then I'll have to deal with two defconfigs and reflashing
for now.
Anyway, at least a user feedback / feature request... I believe it would
be useful for many users to have a manufacturing mode, which they would
escape permanently by e.g. executing some command. In normal mode, s
Hi Tom, thanks for your reply.
Such way is of course possible, but you surely know I'm rather
interested in more clever solutions. Besides the understandable fact
that I don't want to maintain two u-boot variants and flash it twice, I
also believe it can be useful to lock "almost everything" a
On Fri, Jul 29, 2016 at 04:37:31PM +0200, Petr Kubizňák wrote:
> Hi Tom, thanks for your reply.
>
> Such way is of course possible, but you surely know I'm rather
> interested in more clever solutions. Besides the understandable fact
> that I don't want to maintain two u-boot variants and flash i
On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote:
> Hello,
>
> I wonder whether it is possible to dynamically enable/disable a command.
> Since u-boot does not provide any secure authentication method, it is
> dangerous to keep some commands available to a potential hacker. E.g.
>
Hello,
I wonder whether it is possible to dynamically enable/disable a command.
Since u-boot does not provide any secure authentication method, it is
dangerous to keep some commands available to a potential hacker. E.g.
the "fuse" command. On the other hand, I need these commands during the
ma
13 matches
Mail list logo
