From: Stefan Roese <sr@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 4/4] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password
Date: Fri, 15 May 2015 10:44:45 +0200 [thread overview]
Message-ID: <5555B1FD.8090102@denx.de> (raw)
In-Reply-To: <CAM=E1R6V8Zv2y0unaF3g3=kj=D5Nmdzd+HKwrv-XcJVJWLUFmQ@mail.gmail.com>
Hi Magnus,
On 15.05.2015 09:44, Magnus Lilja wrote:
> On 8 May 2015 at 09:52, Stefan Roese <sr@denx.de> wrote:
>> This patch adds the feature to only stop the autobooting, and therefor
>> boot into the U-Boot prompt, when the input string / password matches
>> a values that is encypted via a SHA256 hash and saved in the environment.
>>
>> This feature is enabled by defined these config options:
>> CONFIG_AUTOBOOT_KEYED
>> CONFIG_AUTOBOOT_STOP_STR_SHA256
>>
>> Signed-off-by: Stefan Roese <sr@denx.de>
>> Cc: Simon Glass <sjg@chromium.org>
>> Cc: Magnus Lilja <lilja.magnus@gmail.com>
>> ---
>> v2:
>> - AUTOBOOT_STOP_STR_SHA256 is a string and not bool
>> - Add input key length check as suggested by Magnus
>> - Add "constant-length" time compare function as suggested
>> by Magnus
>
> May I ask why you don't go all the way and use the salt mechanism
> instead of just hashing the password?
Because its a customer requirement to implement it in this "simple" way.
Even though cracking will be easier than by using this salt mechanism.
If someone needs this stronger encryption support at some time, I
suggest to add it as an additional feature / option then.
Thanks,
Stefan
prev parent reply other threads:[~2015-05-15 8:44 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-07 12:13 [U-Boot] [PATCH v1 0/4] Add SHA256 encrypted stop string for autobooting Stefan Roese
2015-05-07 12:13 ` [U-Boot] [PATCH v1 1/4] Kconfig: Enable usage of escape char '\' in string values Stefan Roese
2015-05-07 12:41 ` Masahiro Yamada
2015-05-07 12:46 ` Stefan Roese
2015-05-07 12:53 ` Masahiro Yamada
2015-05-10 14:48 ` Simon Glass
2015-05-11 7:58 ` Stefan Roese
2015-05-11 13:27 ` Stefan Roese
2015-05-11 22:41 ` Simon Glass
2015-05-13 1:34 ` Masahiro Yamada
2015-05-15 7:13 ` Stefan Roese
2015-05-15 7:49 ` Masahiro Yamada
2015-05-07 12:13 ` [U-Boot] [PATCH v1 2/4] autoboot.c: Remove CONFIG_AUTOBOOT_STOP_STR2 and CONFIG_AUTOBOOT_DELAY_STR2 Stefan Roese
2015-05-07 23:47 ` Simon Glass
2015-05-11 12:38 ` Tom Rini
2015-05-07 12:13 ` [U-Boot] [PATCH v1 3/4] autoboot.c: Move config options to Kconfig Stefan Roese
2015-05-07 23:51 ` Simon Glass
2015-05-08 3:30 ` Masahiro Yamada
2015-05-08 6:00 ` Stefan Roese
2015-05-08 5:55 ` Stefan Roese
2015-05-10 14:49 ` Simon Glass
2015-05-07 12:13 ` [U-Boot] [PATCH v1 4/4] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password Stefan Roese
2015-05-07 20:56 ` Magnus Lilja
2015-05-08 7:52 ` [U-Boot] [PATCH v2 " Stefan Roese
2015-05-10 14:49 ` Simon Glass
2015-05-11 7:16 ` Andreas Bießmann
2015-05-11 7:44 ` Stefan Roese
2015-05-15 7:44 ` Magnus Lilja
2015-05-15 8:44 ` Stefan Roese [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5555B1FD.8090102@denx.de \
--to=sr@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox