Hi Wolfgang, On 02/10/2012 10:38 PM, Wolfgang Denk wrote: > Dear Graeme Russ, > > In message > <CALButCLT2o=7qo4gbm0m5tp3byxpcpqr7sx6wyh09jkcudm...@mail.gmail.com> you > wrote: >> >> As an adjunct to a recent discussion, I wonder if there would be much >> point in password protecting access to the U-Boot command line. The >> password could be saved in an environment variable as an MD-5 or SHA-256 >> hash. > > We already have such protection, even if it's very simplistic: see > doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, > CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey").
OK, so the thought of protecting the shell with a password has already happened...But the implementation is to hard-code the password in the U-Boot image or to have it unencrypted in the environment I think we can agree that there is room for improvement :) >> But I wonder if: >> >> a) It's worth it, and; >> b) If it would be secure anyway... >> >> When U-Boot environment editing tools available in the host OS, it would >> be fairly trivial to overwrite the password variable - Unless, of course, >> the host OS did not support that functionality. >> >> This feature may be usefull for devices where every part of the system >> must be tightly controlled (medical devices, voting machines etc) > > Well, in such devices you will typically disable interactive access at > all. Yes, but if you don't allow setting of environment variables from the host OS, how can you change the settings if you need to Sounds like it's not a 'completely ruled out' idea... Regards, Graeme _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
