Dear Graeme Russ, In message <CALButCLT2o=7qo4gbm0m5tp3byxpcpqr7sx6wyh09jkcudm...@mail.gmail.com> you wrote: > > As an adjunct to a recent discussion, I wonder if there would be much > point in password protecting access to the U-Boot command line. The > password could be saved in an environment variable as an MD-5 or SHA-256 > hash.
We already have such protection, even if it's very simplistic: see doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey"). > But I wonder if: > > a) It's worth it, and; > b) If it would be secure anyway... > > When U-Boot environment editing tools available in the host OS, it would > be fairly trivial to overwrite the password variable - Unless, of course, > the host OS did not support that functionality. > > This feature may be usefull for devices where every part of the system > must be tightly controlled (medical devices, voting machines etc) Well, in such devices you will typically disable interactive access at all. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Extended Epstein-Heisenberg Principle: In an R & D orbit, only 2 of the existing 3 parameters can be defined simultaneously. The parame- ters are: task, time and resources ($). _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
