Dear Petr, In message <201343a2-69c2-6c3e-442b-a228190a8...@elnico.cz> you wrote: > > > attacker? How could you perform such a "switch" between modes? By > > setting some bit somewhere. And it has to be in some persistent > > storage. And the source code of your image is available to the > > public. What should prevent an attacker from undoing your bit > > setting and switching back to "full" mode? > If it was to be an irreversible switch, a reliable way might be to > effectively remove some parts of the program by overwriting them. Not > that I ever have done that, perhaps it's not that easy as I imagine, but > I believe it's possible.
If you are able to overwrite the code, what would an attacker prevent from doing the same? Note that an in-memory modification (life patch) is sufficient. > You are absolutely right, whoever has access to U-Boot, can easily > destroy the system. The main problem is perhaps in my understanding of Not only destroy, He can take control. > the concept. I'm always tempted to keep access to U-Boot "for future > sakes", but have not found a reliable way to deny the access to the > others. Is there a "correct approach"? If security is an issue, then you should 1) use signed images (with sufficient hardware support), and 2) prevent the execution of user-defined, unchecked commands (disable the CLI). > By the way, once I read in some conversation that bad security is no > security, so that's why U-Boot does not implement bad security. From my > point of view, bad security (e.g. password stored in env) is strong > enough to keep away the amateurs who just want to play with it and don't > really know they might destroy the system. Of course it does not secure > the system from the really evil attackers, but what does? As the very first step, you have to define which security level you need. Only then you can access which risks are acceptable and which not. In general it is a good approach to consider an open CLI interface in U-Boot as a mighty tool for all kinds of use. "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." - Doug Gwyn Same holds for U-Boot... Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Never ascribe to malice that which can adequately be explained by stupidity. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
