Hi Guys, My 2c worth...
The thought of applying ASLR to improve security is pointless unless you have identified a reason to do so. You can't just apply a security hardening technique willy-nilly and expect you security to improve. The security of a system is equal to the weakest link and no amount of strengthening the other links will improve security Remember, U-Boot is a boot-loader. It is very transitory. Think about how an attacker could exploit U-Boot (Hint: 10s after booting, they can't) Network: Hit it with IP packets - But U-Boot only activates network code on as as-needed basis (typically when someone runs a net command like tftp etc) so you already have U-Boot shell access anyway Serial: Buffer overruns on commands - U-Boot will crash and the board reboots and again, you probably already had/have shell access So it starts to boil down to protecting access to the shell - Access to the shell opens up all sorts of possibilities such as changing environment variables (including scripts) up to completely replacing the U-Boot image So my thought would be, if you want to improve U-Boot security, perhaps implement password protection on the shell Regards, Graeme _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
