Dear Graeme Russ, In message <4f3505f8.1070...@gmail.com> you wrote: > > > We already have such protection, even if it's very simplistic: see > > doc/README.autoboot (search for CONFIG_AUTOBOOT_DELAY_STR, > > CONFIG_AUTOBOOT_STOP_STR resp. "bootdelaykey" and "bootstopkey"). > > OK, so the thought of protecting the shell with a password has already > happened...But the implementation is to hard-code the password in the > U-Boot image or to have it unencrypted in the environment >
It depends on the purpose. Here the goal was more to prevent unintentional interruption of the boot sequence by arbitrary line noise, for example when the serial console port is connected to a modem ... > I think we can agree that there is room for improvement :) Always, and everywhere. > Yes, but if you don't allow setting of environment variables from the host > OS, how can you change the settings if you need to It depends on which interfaces you want to provide and how secure your system must be. If you provide some user interface which only allows to change a welldefined set of variables (say, though some GUI, or web based), then you can have both the "change settings" and the "be secure" parts. If someone has low-level access to the board he can probably always do everything, it's just a matter of how easy it is. > Sounds like it's not a 'completely ruled out' idea... Not exactly ruled out. It's more a question of how much effort versus how much benefit. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de The day-to-day travails of the IBM programmer are so amusing to most of us who are fortunate enough never to have been one - like watching Charlie Chaplin trying to cook a shoe. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
