Hi Simon,
Also see cli_process_fdt() which allows you to lock out commands using
a device-tree setting. This avoids changing the U-Boot binary - it is
easy enough to update the device tree using fdtput. This is how Chrome
OS did it.
Hmm, interesting approach. Thanks for your suggestion.
Petr
Hi,
On 29 July 2016 at 07:31, Tom Rini wrote:
> On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote:
>
>> Hello,
>>
>> I wonder whether it is possible to dynamically enable/disable a command.
>> Since u-boot does not provide any secure authentication method, it is
Dear Petr,
In message <201343a2-69c2-6c3e-442b-a228190a8...@elnico.cz> you wrote:
>
> > attacker? How could you perform such a "switch" between modes? By
> > setting some bit somewhere. And it has to be in some persistent
> > storage. And the source code of your image is available to the
> >
Dear Wolfgang,
On 08/01/2016 10:05 PM, Wolfgang Denk wrote:
How could that ever be "safe" - in the sense of protecting against an
attacker? How could you perform such a "switch" between modes? By
setting some bit somewhere. And it has to be in some persistent
storage. And the source code of
Dear ladis,
Thanks for your comment, I didn't really know about the standalone
applications mechanism, it might surely be useful.
Best Regards,
Petr
On 08/01/2016 10:38 PM, Ladislav Michl wrote:
You can still download U-Boot standalone application implementing whatever
you need to do in
On Fri, Jul 29, 2016 at 05:57:58PM +0200, Petr Kubiz??ák wrote:
> Ok, I get it, then I'll have to deal with two defconfigs and reflashing for
> now.
>
> Anyway, at least a user feedback / feature request... I believe it would be
> useful for many users to have a manufacturing mode, which they
Dear Petr,
In message <9c257c71-97b6-a83e-3d9d-e3a8459fc...@elnico.cz> you wrote:
>
> Anyway, at least a user feedback / feature request... I believe it would
> be useful for many users to have a manufacturing mode, which they would
> escape permanently by e.g. executing some command. In
Dear Petr,
In message <1f085e1d-378c-5f29-2f35-988b8d110...@elnico.cz> you wrote:
>
> I wonder whether it is possible to dynamically enable/disable a command.
> Since u-boot does not provide any secure authentication method, it is
> dangerous to keep some commands available to a potential
Ok, I get it, then I'll have to deal with two defconfigs and reflashing
for now.
Anyway, at least a user feedback / feature request... I believe it would
be useful for many users to have a manufacturing mode, which they would
escape permanently by e.g. executing some command. In normal mode,
Hi Tom, thanks for your reply.
Such way is of course possible, but you surely know I'm rather
interested in more clever solutions. Besides the understandable fact
that I don't want to maintain two u-boot variants and flash it twice, I
also believe it can be useful to lock "almost everything"
On Fri, Jul 29, 2016 at 04:37:31PM +0200, Petr Kubizňák wrote:
> Hi Tom, thanks for your reply.
>
> Such way is of course possible, but you surely know I'm rather
> interested in more clever solutions. Besides the understandable fact
> that I don't want to maintain two u-boot variants and flash
On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote:
> Hello,
>
> I wonder whether it is possible to dynamically enable/disable a command.
> Since u-boot does not provide any secure authentication method, it is
> dangerous to keep some commands available to a potential hacker. E.g.
Hello,
I wonder whether it is possible to dynamically enable/disable a command.
Since u-boot does not provide any secure authentication method, it is
dangerous to keep some commands available to a potential hacker. E.g.
the "fuse" command. On the other hand, I need these commands during the
13 matches
Mail list logo