[PATCH] Adding password protection to U-boot

Werner Almesberger werner at openmoko.org
Tue Jul 8 15:00:28 CEST 2008


Antonio MU?oz wrote:
> Hello all, I would like to know about this topic, is someone still
> working on it? 

I discussed this topic a bit with Thomas Seiler in the context of
making it a general feature on all Neos, and we haven't found a way
to provide such a protection and at the same time avoid breaking the
recovery though u-boot in NOR.

If you just replace u-boot in NAND, getting rid of the password is
trivial: just bring up u-boot from NOR and wipe out the environment
or install a u-boot that doesn't ask for passwords.

If you add the password check also to the u-boot in NOR but store
the password in NAND, this would imply that recovery can be
compromised, e.g., someone who gets hold of an unprotected device
could just write a random password into NAND as a prank.

A secure mechanism could be implemented by replacing the NOR u-boot
with one in which the user's password hash is hard-coded. But you'd
need the debug board for installing that u-boot.

Another possibility would be that each device ships from the factory
with a hard-coded password to access the NOR. I'm not sure if this
would be desirable as a universal feature.

Also note that anyone who has a debug board can easily replace
anything that's in NAND or NOR, so such a password protection would
not be an effective deterrent against theft (chances are that a
thief would only find out later anyway, so it's gone with or without
the password) or more resourceful pranksters.

If you analyze your individual threat profile, you may very well be
able to find a solution that suits you. So I think there can be a
place for a protection that isn't perfect, as long as it's something
a user installs individually.

- Werner



More information about the openmoko-devel mailing list