[PATCH] Adding password protection to U-boot

Francesco Albanese frances.albanese at gmail.com
Wed Jun 11 13:43:37 CEST 2008


I was not aware of the backup NOR: I've worked on GTA01v4 indeed.
However, if both the NAND and NOR bootloader share the same partition
of env_var, patching both of them is still effective against
unauthorized operations.
Using a random salt is much better than my quick and dirty
solution: I'll add this feature soon and I'll resend the patch.

Cheers,

FA


On Wed, Jun 11, 2008 at 7:21 AM, Joerg Reisenweber <joerg at openmoko.org> wrote:
> On Tue, 10 June 2008, Francesco Albanese wrote:
>> Hello,
>>
>> this is a patch for u-boot1.3.2rc2 compiled and patched using
>> MMakefile. I've added a new command "lock" for setting a password to
>> lock/unlock the access to the terminal and prevent flashing the device
>> via DFU.
>>
>> Features:
>>
>> - Password stored as SHA256 non-salted hash and written in the env
>> var. partition (a salting method can be added afterwards)
>> - If the password is set, user is prompted for a password after a
>> serial connection is established
>> - If the device is locked down, a DFU flashing attempt will produce an
>> on-screen error on the Neo
>
> Anyway, remember you have TWO bootloaders to patch on FR: NAND *plus* NOR.
> NOR can be flashed by debug board only. So maybe it's a good idea to
> check/evaluate this patch and then use it for factory NOR-boot (password
> unset of course). Otherwise it won't become a story of bold success.
>
> btw: IMEI is a bad candidate for salt. Too predictable, not really random but a
> small interval - not all existing and possible IMEIs are used on Neos. If you
> think of GSM for random, maybe a few data of actual network conditions would
> serve better, like cell-id of current and neighbour cells.
>
> cheers
> jOERG
>
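
Added example, not part of this thread or of the patch it discusses: a Python sketch of the difference between the unsalted SHA256 storage in the feature list and the random-salt variant proposed in the reply. The "salt:hash" record format, the 16-byte salt length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SALT_LEN = 16  # bytes; assumed size, the thread does not specify one


def hash_unsalted(password):
    """Scheme from the feature list: bare SHA-256 of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password, salt=None):
    """Build the 'salt:hash' string to store (format is an assumption)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt each time it is set
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex() + ":" + digest


def verify(record, attempt):
    """Recompute with the stored salt and compare in constant time."""
    try:
        salt_hex, stored = record.split(":", 1)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed or truncated stored value
    digest = hashlib.sha256(salt + attempt.encode()).hexdigest()
    return hmac.compare_digest(digest.encode(), stored.encode())


def demo():
    pw = "example-passphrase"  # constructed sample input
    dev_a, dev_b = make_record(pw), make_record(pw)  # two devices, same password
    return {
        "unsalted_hashes_match": hash_unsalted(pw) == hash_unsalted(pw),
        "salted_records_match": dev_a == dev_b,
        "correct_accepted": verify(dev_a, pw),
        "wrong_accepted": verify(dev_a, "wrong"),
        "garbled_accepted": verify("not-a-record", pw),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With no salt, every device set to the same password stores the same value, so one precomputed table covers all of them; with a per-device random salt the stored records differ even when the password does not.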


