Secure barebox

Sascha Hauer s.hauer at pengutronix.de
Mon Jun 1 05:06:52 PDT 2015


Hi Moritz,

On Mon, Jun 01, 2015 at 11:34:23AM +0200, Moritz Warning wrote:
> Hi,
> 
> I'd like to secure access to barebox using a password.
> passwd seems to be the right command, but setting a
> password does not seem to have any effect.
> 
> After a reset, access to barebox is not limited as far
> as I can tell.

I've never really used password support. I just gave it a try and I can
only say: It's not usable in its current state. The thing you were
missing is: You must set nv.login.timeout to something nonzero:

nv.login.timeout=3; saveenv

Then afterwards I get asked for a password. If I enter this correctly I
get to the prompt; if I enter the wrong password I'm asked for a
password again. However, when I press ctrl-c or just an empty password I
also get to the prompt.

The password protection support is currently implemented in the
/env/bin/init script. This makes the whole stuff very fragile. The
barebox shell is not designed to be secure. Once the shell is started
the system is insecure, so the password asking process should be done
before entering the shell, not from the shell.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


