This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Protecting RedBoot in the field


On Mon, 2002-10-28 at 03:31, Andrew Lunn wrote:
> Hi Folks
> 
> The devices we send out into the field still have redboot installed on
> them. We are thinking this is a bit dangerous. Anyone can connect to
> the serial port and hijack the devices, download tetris, destroy the
> flash etc.
> 
> I don't want to remove the functionality of redboot. Its useful for
> getting dead devices back to life and we do all our development work
> with redboot starting the system. I don't like the idea of change to a
> ROMRAM application.
> 
> Putting a password login onto the console seems the obvious
> solution. Does anyone have any other ideas or other solutions they are
> already using?

Most units in the field that use RedBoot either don't have a serial
port at all (!) or simply "cover it up" for production use.

That said, I think a password (stored in 'fconfig') would be a
great addition.

-- 
------------------------------------------------------------
Gary Thomas                  |
eCosCentric, Ltd.            |  
+1 (970) 229-1963            |  eCos & RedBoot experts
gthomas@ecoscentric.com      |
http://www.ecoscentric.com/  |
------------------------------------------------------------


-- 
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]