Hi Sascha,
seems I ran into trouble (see below) with CONFIG_SHELL_NONE.
Am Montag, 20. Januar 2020, 20:53:51 CET schrieb Sascha Hauer:
> Hi Christian,
>
> On Mon, Jan 20, 2020 at 05:38:36PM +0100, Christian Eggers wrote:
> > Board: phytec-som-imx6
> >
> > I need to configure barebox in a way, that a malicious attacker can not
> > break into the system. It looks like I need to perform the following
> > steps:
> >
> > 3. Prevent access to the barebox shell
> > --> CONFIG_CMD_LOGIN?
> > --> CONFIG_SHELL_NONE?
>
> I wouldn't trust CONFIG_CMD_LOGIN that much. If you do, at least make
> sure to use a safe hash function for the password, i.e. not the default
> md5.
> Disabling the shell entirely with CONFIG_SHELL_NONE is the best you can
> do. This also forces you to program your boot process in C which helps
> you to get a well defined boot without diving into potentially unsafe
> shell commands.
I've tried to implement my boot process in C. Attaching the MTD partition to
UBI and directly calling bootm_data() looks straightforward and seems to work.
bootm_data_init_defaults(&data);
data.os_file = "/dev/nand0.root.ubi.kernel";
ret = bootm_boot(&data);
if (ret) {
printf("handler failed with: %s\n", strerror(-ret));
goto error_return;
}
Now I'm trying to integrate bootchooser. My first attempt was to call
bootchooser directly from my barebox_main:
bc = bootchooser_get();
if (IS_ERR(bc))
return PTR_ERR(bc);
ret = bootchooser_boot(bc);
bootchooser_put(bc);
Unfortunately this doesn't work, because there is no boot provider available
for booting the result of bootchooser (e.g. "nand0.root.ubi.kernel").
>From the documentation of the "boot" command, this should be possible:
----------------8<---------------
BAREBOX_CMD_HELP_TEXT("BOOTSRC can be:")
BAREBOX_CMD_HELP_TEXT("- a filename under /env/boot/")
BAREBOX_CMD_HELP_TEXT("- a full path to a boot script")
BAREBOX_CMD_HELP_TEXT("- a device name")
BAREBOX_CMD_HELP_TEXT("- a partition name under /dev/") <---- tried this one
BAREBOX_CMD_HELP_TEXT("- a full path to a directory which")
BAREBOX_CMD_HELP_TEXT(" - contains boot scripts, or")
BAREBOX_CMD_HELP_TEXT(" - contains a loader/entries/ directory containing
bootspec entries")
---------------->8---------------
Looking into bootentry_create_from_name() I didn't find how booting from "a
device name" or "a partition name" can work.
Also using the shell doesn't help:
----------------8<---------------
barebox:/ boot nand0.root.ubi.kernel
Nothing bootable found on 'nand0.root.ubi.kernel'
Nothing bootable found
---------------->8---------------
So I'm able to run bootm_boot() directly from C, but I've not found a way to
boot indirectly via bootchooser.
Any hints how I can use bootchooser from my own barebox_main() with
CONFIG_SHELL_NONE?
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
