Re: [U-Boot] Disable command at runtime

2016-08-10 Thread Petr Kubizňák
Hi Simon, Also see cli_process_fdt() which allows you to lock out commands using a device-tree setting. This avoids changing the U-Boot binary - it is easy enough to update the device tree using fdtput. This is how Chrome OS did it. Hmm, interesting approach. Thanks for your suggestion. Petr

Re: [U-Boot] Disable command at runtime

2016-08-09 Thread Simon Glass
Hi, On 29 July 2016 at 07:31, Tom Rini wrote: > On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote: > >> Hello, >> >> I wonder whether it is possible to dynamically enable/disable a command. >> Since u-boot does not provide any secure authentication method, it is

Re: [U-Boot] Disable command at runtime

2016-08-03 Thread Wolfgang Denk
Dear Petr, In message <201343a2-69c2-6c3e-442b-a228190a8...@elnico.cz> you wrote: > > > attacker? How could you perform such a "switch" between modes? By > > setting some bit somewhere. And it has to be in some persistent > > storage. And the source code of your image is available to the > >

Re: [U-Boot] Disable command at runtime

2016-08-02 Thread Petr Kubizňák
Dear Wolfgang, On 08/01/2016 10:05 PM, Wolfgang Denk wrote: How could that ever be "safe" - in the sense of protecting against an attacker? How could you perform such a "switch" between modes? By setting some bit somewhere. And it has to be in some persistent storage. And the source code of

Re: [U-Boot] Disable command at runtime

2016-08-02 Thread Petr Kubizňák
Dear ladis, Thanks for your comment, I didn't really know about the standalone applications mechanism, it might surely be useful. Best Regards, Petr On 08/01/2016 10:38 PM, Ladislav Michl wrote: You can still download U-Boot standalone application implementing whatever you need to do in

Re: [U-Boot] Disable command at runtime

2016-08-01 Thread Ladislav Michl
On Fri, Jul 29, 2016 at 05:57:58PM +0200, Petr Kubiz??ák wrote: > Ok, I get it, then I'll have to deal with two defconfigs and reflashing for > now. > > Anyway, at least a user feedback / feature request... I believe it would be > useful for many users to have a manufacturing mode, which they

Re: [U-Boot] Disable command at runtime

2016-08-01 Thread Wolfgang Denk
Dear Petr, In message <9c257c71-97b6-a83e-3d9d-e3a8459fc...@elnico.cz> you wrote: > > Anyway, at least a user feedback / feature request... I believe it would > be useful for many users to have a manufacturing mode, which they would > escape permanently by e.g. executing some command. In

Re: [U-Boot] Disable command at runtime

2016-08-01 Thread Wolfgang Denk
Dear Petr, In message <1f085e1d-378c-5f29-2f35-988b8d110...@elnico.cz> you wrote: > > I wonder whether it is possible to dynamically enable/disable a command. > Since u-boot does not provide any secure authentication method, it is > dangerous to keep some commands available to a potential

Re: [U-Boot] Disable command at runtime

2016-07-29 Thread Petr Kubizňák
Ok, I get it, then I'll have to deal with two defconfigs and reflashing for now. Anyway, at least a user feedback / feature request... I believe it would be useful for many users to have a manufacturing mode, which they would escape permanently by e.g. executing some command. In normal mode,

Re: [U-Boot] Disable command at runtime

2016-07-29 Thread Petr Kubizňák
Hi Tom, thanks for your reply. Such way is of course possible, but you surely know I'm rather interested in more clever solutions. Besides the understandable fact that I don't want to maintain two u-boot variants and flash it twice, I also believe it can be useful to lock "almost everything"

Re: [U-Boot] Disable command at runtime

2016-07-29 Thread Tom Rini
On Fri, Jul 29, 2016 at 04:37:31PM +0200, Petr Kubizňák wrote: > Hi Tom, thanks for your reply. > > Such way is of course possible, but you surely know I'm rather > interested in more clever solutions. Besides the understandable fact > that I don't want to maintain two u-boot variants and flash

Re: [U-Boot] Disable command at runtime

2016-07-29 Thread Tom Rini
On Thu, Jul 28, 2016 at 04:40:29AM -0700, kubiznak.petr wrote: > Hello, > > I wonder whether it is possible to dynamically enable/disable a command. > Since u-boot does not provide any secure authentication method, it is > dangerous to keep some commands available to a potential hacker. E.g.

[U-Boot] Disable command at runtime

2016-07-28 Thread kubiznak.petr
Hello, I wonder whether it is possible to dynamically enable/disable a command. Since u-boot does not provide any secure authentication method, it is dangerous to keep some commands available to a potential hacker. E.g. the "fuse" command. On the other hand, I need these commands during the