Dear Frans,

In message <cacw_htyv179qwbquiuv_qqbe_bly9b_h-qpzsbcjkpio9-2...@mail.gmail.com> you wrote:
>
> Graeme, if you want to keep people outside the bootloader in a
> reasonably safe way and are developing your own hardware an option is
> to put the password in e.g. an eeprom and do a compare in u-boot.
> Of course a persistent hacker could retrieve the password but a casual
> user will not be able to enter.

For a "casual user" the existing CONFIG_AUTOBOOT_KEYED feature is
usually sufficient. A "persistent hacker" will not be kept out in
either of these ways if he has access to the U-Boot command line. If
needed, he will install or otherwise run code that skips these steps.

> Having the password in eeprom makes that it is not disclosed with the
> code, it can be changed etc. Just make sure users do not have easy
> (sw) access to the device the password resides in, so e.g. disable
> access one way or another.

You will still publish the code that implements these restrictions,
so guess how difficult it is to work around it?

> One other way to prevent accidental access would be a jumper. If
> present no access to u-boot possible at all, if not present access is
> possible. And some stuff on it to view if it is tampered with.
> (if the jumper raises or lowers a gpio device on an i2c chip this can
> be easily detected in a u-boot script and depending on that action
> could be taken).

None of this is actually adding any kind of "security" or "protection"
to a device.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Horses just naturally have mohawk haircuts.
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot