Thanks for the information!
On 06/01/2015 02:06 PM, Sascha Hauer wrote:
Hi Moritz,
On Mon, Jun 01, 2015 at 11:34:23AM +0200, Moritz Warning wrote:
Hi,
I like to secure access to barebox using a password.
passwd seems to be the right command, but setting a
password does not seem to have any effect.
After a reset, access to barebox is not limited as far
as I can tell.
I've never really used password support. I just gave it a try and I can
only say: It's not usable in its current state. The thing you were
missing is: You must set nv.login.timeout to something nonzero:
nv.login.timeout=3; saveenv
Then afterwards I get asked for a password. If I enter this correctly I
get to the prompt, if I enter the wrong password I'm asked for a
password again. However, when I press ctrl-c or just an empty password I
also get to the prompt.
The password protection support is currently implemented in the
/env/bin/init script. This makes the whole stuff very fragile. The
barebox shell is not designed to be secure. Once the shell is started
the system is insecure, so the password asking process should be done
before entering the shell, not from the shell.
Sascha
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
