> Hi Wolfgang, > > On 02/10/2012 10:38 PM, Wolfgang Denk wrote: > > Dear Graeme Russ, > > > > In message <CALButCLT2o=7qo4gbm0m5tp3byxpcpqr7sx6wyh09jkcudm...@mail.gmail.com> you wrote: > >> As an adjunct to a recent discussion, I wonder if there would be much > >> point in password protecting access to the U-Boot command line. The > >> password could be saved in an environment variable as an MD-5 or SHA-256 > >> hash. > > > > We already have such protection, even if it's very simplistic: see > > doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, > > CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey"). > > OK, so the thought of protecting the shell with a password has already > happened...But the implementation is to hard-code the password in the > U-Boot image or to have it unencrypted in the environment > > I think we can agree that there is room for improvement :) > > >> But I wonder if: > >> a) It's worth it, and; > >> b) If it would be secure anyway... > >> > >> When U-Boot environment editing tools available in the host OS, it would > >> be fairly trivial to overwrite the password variable - Unless, of > >> course, the host OS did not support that functionality. > >> > >> This feature may be usefull for devices where every part of the system > >> must be tightly controlled (medical devices, voting machines etc) > > > > Well, in such devices you will typically disable interactive access at > > all. > > Yes, but if you don't allow setting of environment variables from the host > OS, how can you change the settings if you need to
You usually don't want to frob with ie. CPU speed of your Xray :-D M > > Sounds like it's not a 'completely ruled out' idea... > > Regards, > > Graeme > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
