From: Mike Frysinger <vapier@gentoo.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] Password protection of U-Boot command line
Date: Fri, 10 Feb 2012 15:37:54 -0500 [thread overview]
Message-ID: <201202101537.55364.vapier@gentoo.org> (raw)
In-Reply-To: <201202101529.07088.vapier@gentoo.org>
On Friday 10 February 2012 15:29:05 Mike Frysinger wrote:
> On Friday 10 February 2012 09:12:10 Frans Meulenbroeks wrote:
> > E.g. if you deliver boards/systems with u-boot on it and you do not
> > want customers to enter u-boot (e.g. by accident or because they want
> > to hack the board), but you would allow authorized service personnel
> > to access the board.
>
> i've seen people in the past ship their boards with u-boot defaulting to
> silent mode and the autostop key set to a ctrl sequence. that addresses
> pretty much addresses this.
blah, i need to stop inline editing sentences. "that pretty much addresses
the needs here".
if you're concerned about people attacking the system, you need to be
realistic and lay out exactly what you want to protect and why/how. the best
example in the embedded world i've seen of this so far is the ARM TrustZone
whitepaper. they're realistic and up front with what TrustZone does and does
not protect against.
waving your hands around and saying "doing XXX is more secure and therefore we
should do it" is theater. i'm not against passwords or ASLR or anything else
in u-boot, but like Wolfgang said, let's see the realistic plan.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20120210/b6be31c4/attachment.pgp>
next prev parent reply other threads:[~2012-02-10 20:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-10 5:16 [U-Boot] Password protection of U-Boot command line Graeme Russ
2012-02-10 11:38 ` Wolfgang Denk
2012-02-10 11:56 ` Graeme Russ
2012-02-10 12:30 ` Marek Vasut
2012-02-10 13:31 ` Wolfgang Denk
2012-02-10 14:12 ` Frans Meulenbroeks
2012-02-10 14:27 ` Wolfgang Denk
2012-02-10 21:14 ` Frans Meulenbroeks
2012-02-11 0:44 ` Wolfgang Denk
2012-02-10 20:29 ` Mike Frysinger
2012-02-10 20:37 ` Mike Frysinger [this message]
2012-02-11 4:17 ` Graeme Russ
2012-02-11 9:00 ` Frans Meulenbroeks
2012-02-11 20:14 ` Wolfgang Denk
2012-02-12 10:03 ` Graeme Russ
2012-02-11 20:09 ` Wolfgang Denk
2012-02-12 9:33 ` Graeme Russ
2012-02-12 17:52 ` Mike Frysinger
2012-02-12 19:17 ` Wolfgang Denk
2012-02-12 22:31 ` Graeme Russ
2012-02-13 7:31 ` Wolfgang Denk
2012-02-13 11:50 ` Graeme Russ
2012-02-13 14:10 ` Wolfgang Denk
2012-02-10 13:27 ` Wolfgang Denk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201202101537.55364.vapier@gentoo.org \
--to=vapier@gentoo.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox