Serial port and root terminal


Konstantinos Aravanis

Jan 30, 2012, 7:02:18 AM
to Bifferboard
Hello,

I would like to ask a question.

Currently when a biffer is connected through its serial port to a pc
we can access it as root with a terminal (minicom).

This would be a security leak for a project that I am implementing. Is
there any way to ask for a password when we try to access the biffer
through the serial port?

Thanks in advance,
Kostas

biff...@yahoo.co.uk

Jan 31, 2012, 7:48:06 AM
to Bifferboard

Sure, it's possible but is it worth it? Do you realise you have a
connection to the bootloader (Biffboot) when the board powers up?
This means you can flash another kernel over the serial port if you
send an 'ESC' character at the right time, so if that port is open to
the public you have bigger problems than shell access!

regards,
Biff.

Petr Kracik

Jan 31, 2012, 3:27:55 PM
to biffe...@googlegroups.com
On the other hand, if he wants to protect the actual data, then it's not too pointless, since a flash-over will destroy the actual data on flash...
Also, I know they can boot a kernel from the network and access the MTD without rewriting it... for these cases the root flash could be encrypted... And if someone reboots it into flash mode or boots another kernel, there could be some monitoring system, so it depends how far away it will be, and he can just come here and "nab" the attacker :)

Regards,
--Petr


Petr Kracik
email/jabber: pet...@gmail.com
ICQ: 136530439
IRC: GoseiKnight @ SynIRC
IRC: petrkr @ freeNode



biff...@yahoo.co.uk

Jan 31, 2012, 4:37:56 PM
to Bifferboard

On Jan 31, 8:27 pm, Petr Kracik <pet...@gmail.com> wrote:
> ... since flash-over will destroy actual data on flash.

But not the data on USB :).

Konstantinos Aravanis

Jan 31, 2012, 7:59:17 PM
to biffe...@googlegroups.com
Thanks for your responses.

I want to protect some of the stored data as Petr said.

So... because I am a noob with biffer and OpenWrt, can anyone give me any hints on how to do that?

Thanks in advance,
Kostas
--
Konstantinos Aravanis // sbosx
My site & blog: http://AravanisKostas.com
http://python.org.gr - Greek Python Programmers Community

Andrew Scheller

Jan 31, 2012, 9:36:26 PM
to biffe...@googlegroups.com
As Petr has said, it all depends how far you want to go, i.e. how
important is it that your data stays secret, and how far is the other
party prepared to go to reveal that secret data?

I believe a super-determined hacker/cracker could dump the entire
Flash-chip data over JTAG, 'replay' it in qemu, and then just read the
emulated memory from qemu debug... but that's obviously quite extreme!
The easiest (but weakest) security measure would just be super-gluing
the case shut... ;-) Or covering the serial console pins in hot-glue.

Do you want to disable the serial console entirely, just disable all
serial console logins, or only disable password-less serial console
logins?
etc. etc.

A lot of this (such as disabling/enabling serial logins) is standard
Linux stuff, so Google will be a big help,
e.g. http://www.google.co.uk/search?q=linux%20disable%20serial%20console
(but obviously ignore any grub-specifics)

Andrew


Petr Kracik

Feb 1, 2012, 2:09:48 AM
to biffe...@googlegroups.com
Then the hacker does not need access to the serial port; he can just take the flash drive from the USB port and disappear. Then it's pointless to secure the serial port.

If that biff will be on a network, the place where it will be is "public" and the data are secret, then probably the best option could be some network storage over NFS/SMB/whatever with restrictions on their side...


<<also, data on USB could be encrypted the same way a hard drive can (I have one at home using a standard kernel module)>>

--
Petr


Petr Kracik
email/Jabber: pet...@gmail.com
IRC: GoseiKnight @ SynIRC
IRC: petrkr @ freeNode


Konstantinos Aravanis

Feb 2, 2012, 6:41:18 AM
to biffe...@googlegroups.com
Hello,

I am really thankful for all that information. :)

I have OpenWrt installed on the biffer's flash and not on some USB drive.

I just want to disable password-less logins on the serial port. It is important for me to use the serial console, so I can't "destroy" the serial port.


I am aware of the other issues. I was thinking of encrypting the filesystem, but I will not have physical access to the biffer in order to decrypt it by giving it the appropriate key. In the future I will think of a workaround. This is not a problem for the time being.

Thanks again,
Kostas
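
Added example, not part of any post in this thread: a shell check for the situation discussed above, a root shell on the serial console with no password prompt. It assumes a BusyBox-style /etc/inittab as used by OpenWrt and that the getty applet is built into the image; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a BusyBox-style /etc/inittab
# ("id::action:process"); all sample files below are constructed.

# List console entries that start a shell directly, with no login or getty.
passwordless_consoles() {   # $1 = inittab path
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and malformed lines
        $3 ~ /^(respawn|askfirst|askconsole)$/ {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i   # process may contain ":"
            split(proc, w, " ")            # w[1] = program, rest = arguments
            sub(/^-/, "", w[1])            # leading "-" only marks a login shell
            n = split(w[1], p, "/")        # p[n] = program basename
            id = ($1 == "" ? "console" : $1)
            if (p[n] ~ /^(sh|ash|bash)$/) print id ": " proc
        }' "$1"
}

# Succeed only if root's password field is non-empty, i.e. login will
# not accept an empty password for root.
root_needs_password() {     # $1 = shadow (or passwd) path
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    [ -n "$field" ]
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed "before": root shell straight onto the serial port.
cat > "$tmp/inittab.before" <<'EOF'
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K stop
ttyS0::askfirst:/bin/ash --login
EOF
printf 'root::0:0:99999:7:::\n' > "$tmp/shadow.before"

# Constructed "after": serial port goes through getty/login, root has a hash.
sed 's|^ttyS0::askfirst:.*|ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100|' \
    "$tmp/inittab.before" > "$tmp/inittab.after"
printf 'root:$1$CONSTRUCTED$placeholderhashvalue:15370:0:99999:7:::\n' > "$tmp/shadow.after"

for s in before after; do
    echo "== $s =="
    passwordless_consoles "$tmp/inittab.$s"
    root_needs_password "$tmp/shadow.$s" || echo "root: empty password field"
done
```

The check only flags entries that run a shell directly; it does not look inside wrapper scripts, and it says nothing about the bootloader or USB exposure raised earlier in the thread.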