mail archive of the barebox mailing list
* Secure barebox
@ 2015-06-01  9:34 Moritz Warning
  2015-06-01 12:06 ` Sascha Hauer
  0 siblings, 1 reply; 6+ messages in thread
From: Moritz Warning @ 2015-06-01  9:34 UTC (permalink / raw)
  To: barebox

Hi,

I'd like to secure access to barebox using a password.
passwd seems to be the right command, but setting a
password does not seem to have any effect.

After a reset, access to barebox is not limited as far
as I can tell.

Any ideas?

regards,
mwarning

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* Re: Secure barebox
  2015-06-01  9:34 Secure barebox Moritz Warning
@ 2015-06-01 12:06 ` Sascha Hauer
  2015-06-01 12:12   ` Moritz Warning
  0 siblings, 1 reply; 6+ messages in thread
From: Sascha Hauer @ 2015-06-01 12:06 UTC (permalink / raw)
  To: Moritz Warning; +Cc: barebox

Hi Moritz,

On Mon, Jun 01, 2015 at 11:34:23AM +0200, Moritz Warning wrote:
> Hi,
> 
> I'd like to secure access to barebox using a password.
> passwd seems to be the right command, but setting a
> password does not seem to have any effect.
> 
> After a reset, access to barebox is not limited as far
> as I can tell.

I've never really used password support. I just gave it a try and I can
only say: It's not usable in its current state. The thing you were
missing is: You must set nv.login.timeout to something nonzero:

nv.login.timeout=3; saveenv

Then afterwards I get asked for a password. If I enter this correctly I
get to the prompt, if I enter the wrong password I'm asked for a
password again. However, when I press ctrl-c or just an empty password I
also get to the prompt.
The password protection support is currently implemented in the
/env/bin/init script. This makes the whole stuff very fragile. The
barebox shell is not designed to be secure. Once the shell is started
the system is insecure, so the password asking process should be done
before entering the shell, not from the shell.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
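
Added example, not part of the original thread and not barebox code: a small C model of the point made in the reply above, contrasting a prompt that fails open on ctrl-c or an empty line with a gate that runs before the shell and fails closed. The event types, function names and the plain string comparison (standing in for password-hash verification) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model, not barebox code: one console event per prompt. */
enum ev_kind { EV_LINE, EV_CTRL_C };
struct ev { enum ev_kind kind; const char *line; };
enum result { SHELL_DENIED, SHELL_GRANTED };

/* Stand-in for verifying a stored password hash; no early exit on mismatch. */
static int equal_ct(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);

    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Behaviour reported in the thread: ctrl-c or an empty line reaches the prompt. */
enum result gate_fail_open(const char *secret, const struct ev *evs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (evs[i].kind == EV_CTRL_C || evs[i].line[0] == '\0')
            return SHELL_GRANTED;  /* prompt aborted, shell is already running */
        if (equal_ct(secret, evs[i].line))
            return SHELL_GRANTED;
    }
    return SHELL_DENIED;
}

/* Gate placed before the shell starts: only a correct password grants access. */
enum result gate_fail_closed(const char *secret, const struct ev *evs,
                             size_t n, size_t max_tries)
{
    size_t tries = 0;

    for (size_t i = 0; i < n && tries < max_tries; i++) {
        if (evs[i].kind == EV_CTRL_C)
            continue;              /* interrupt is ignored, never an exit path */
        tries++;                   /* empty and wrong lines both use up a try */
        if (evs[i].line[0] != '\0' && equal_ct(secret, evs[i].line))
            return SHELL_GRANTED;
    }
    return SHELL_DENIED;           /* out of input or tries: stay locked */
}
```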


* Re: Secure barebox
  2015-06-01 12:06 ` Sascha Hauer
@ 2015-06-01 12:12   ` Moritz Warning
  2015-06-01 12:29     ` Moritz Warning
  0 siblings, 1 reply; 6+ messages in thread
From: Moritz Warning @ 2015-06-01 12:12 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

Thanks for the information!


* Re: Secure barebox
  2015-06-01 12:12   ` Moritz Warning
@ 2015-06-01 12:29     ` Moritz Warning
  2015-06-03  8:24       ` Sascha Hauer
  0 siblings, 1 reply; 6+ messages in thread
From: Moritz Warning @ 2015-06-01 12:29 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

Oh, anyway; what happens when the timeout is 0?
How can you access the barebox again?


* Re: Secure barebox
  2015-06-01 12:29     ` Moritz Warning
@ 2015-06-03  8:24       ` Sascha Hauer
  2015-06-08  8:25         ` Moritz Warning
  0 siblings, 1 reply; 6+ messages in thread
From: Sascha Hauer @ 2015-06-03  8:24 UTC (permalink / raw)
  To: Moritz Warning; +Cc: barebox

On Mon, Jun 01, 2015 at 02:29:47PM +0200, Moritz Warning wrote:
> Oh, anyway; what happens when the timeout is 0?
> How can you access the barebox again?

You can try holding ctrl-c while starting the board. If that doesn't
work I think you have to erase the environment externally. Where do you
boot from?

Sascha


* Re: Secure barebox
  2015-06-03  8:24       ` Sascha Hauer
@ 2015-06-08  8:25         ` Moritz Warning
  0 siblings, 0 replies; 6+ messages in thread
From: Moritz Warning @ 2015-06-08  8:25 UTC (permalink / raw)
  To: Sascha Hauer; +Cc: barebox

I only need to hold down any key to enter Barebox when the
timeout is set to zero. So you don't lock yourself out.

I was a bit wary to try it out. :)

