[ECOS] Protecting RedBoot in the field
Gary Thomas
gthomas@ecoscentric.com
Mon Oct 28 07:13:00 GMT 2002
On Mon, 2002-10-28 at 03:31, Andrew Lunn wrote:
> Hi Folks
>
> The devices we send out into the field still have redboot installed on
> them. We are thinking this is a bit dangerous. Anyone can connect to
> the serial port and hijack the devices, download tetris, destroy the
> flash etc.
>
> I don't want to remove the functionality of redboot. Its useful for
> getting dead devices back to life and we do all our development work
> with redboot starting the system. I don't like the idea of change to a
> ROMRAM application.
>
> Putting a password login onto the console seems the obvious
> solution. Does anyone have any other ideas or other solutions they are
> already using?
Most units in the field that use RedBoot either don't have a serial
port at all (!) or simply "cover it up" for production use.
That said, I think a password (stored in 'fconfig') would be a
great addition.
--
------------------------------------------------------------
Gary Thomas |
eCosCentric, Ltd. |
+1 (970) 229-1963 | eCos & RedBoot experts
gthomas@ecoscentric.com |
http://www.ecoscentric.com/ |
------------------------------------------------------------
--
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss
More information about the Ecos-discuss
mailing list