From: Moritz Warning
Date: Mon, 1 Jun 2015 14:29:47 +0200
Subject: Re: Secure barebox
To: Sascha Hauer
Cc: "barebox@lists.infradead.org"
Message-ID: <556C503B.4010405@meteocontrol.de>
In-Reply-To: <556C4C10.3010400@meteocontrol.de>

Oh, anyway; what happens when the timeout is 0. How can you access the
barebox again?

On 06/01/2015 02:12 PM, Moritz Warning wrote:
> Thanks for the information!
>
> On 06/01/2015 02:06 PM, Sascha Hauer wrote:
>> Hi Moritz,
>>
>> On Mon, Jun 01, 2015 at 11:34:23AM +0200, Moritz Warning wrote:
>>> Hi,
>>>
>>> I like to secure access to barebox using a password.
>>> passwd seems to be the right command, but setting a
>>> password does not seem to have any effect.
>>>
>>> After a reset, access to barebox is not limited as far
>>> as I can tell.
>>
>> I've never really used password support. I just gave it a try and I can
>> only say: It's not usable in its current state. The thing you were
>> missing is: You must set nv.login.timeout to something nonzero:
>>
>>   nv.login.timeout=3; saveenv
>>
>> Then afterwards I get asked for a password. If I enter this correctly I
>> get to the prompt, if I enter the wrong password I'm asked for a
>> password again. However, when I press ctrl-c or just an empty password I
>> also get to the prompt.
>>
>> The password protection support is currently implemented in the
>> /env/bin/init script. This makes the whole stuff very fragile. The
>> barebox shell is not designed to be secure. Once the shell is started
>> the system is insecure, so the password asking process should be done
>> before entering the shell, not from the shell.
>>
>> Sascha
>>

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox