The console is an important attack vector on an embedded product. You can use the TRUSTFENCE_CONSOLE set of macros to enhance the security of the console, adapting it to your specific product requirements. Digi Embedded Yocto allows you to configure the console in one of four modes:
Enabled with passphrase
Enabled with GPIO
By default, inheriting the TrustFence class does not disable the console.
Disable the console
To completely disable the product’s console, both in the U-Boot bootloader and the Linux user space, use the following configuration in your project’s conf/local.conf:
INHERIT += "trustfence"
TRUSTFENCE_CONSOLE_DISABLE = "1"
This is the recommended configuration, and it provides the highest level of security.
Configure passphrase-enabled console
You can also configure the console to be enabled by a secure passphrase using the following configuration in your project’s conf/local.conf. The passphrase is not stored in the device, so it cannot be obtained by reverse engineering, but it could be compromised by a brute-force attack.
INHERIT += "trustfence"
TRUSTFENCE_CONSOLE_DISABLE = "1"
TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "my_secure_password"
With the above configuration, the system will boot with a silent console. However, if the passphrase is typed immediately after U-Boot starts, the console will be enabled.
This option impacts the boot time. Specifically, two timeouts are used:
Configure GPIO-enabled console
Finally, you can also configure the system to enable the console with a GPIO.
INHERIT += "trustfence"
TRUSTFENCE_CONSOLE_DISABLE = "1"
TRUSTFENCE_CONSOLE_GPIO_ENABLE = "1"
This is the least secure configuration. Physical access to the device will compromise the console access.
TrustFence cannot be configured for both passphrase- and GPIO-enabled console. If both configuration options are present, passphrase-enabled will be used.
When the selected GPIO is low, the console remains disabled; when it is high, the console is enabled.
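An added example, not part of Digi's documentation: a small Python checker that reads the text of a conf/local.conf and reports which console mode the settings described above select, including the passphrase-over-GPIO precedence. The parser is a simplification (one quoted assignment per line using =, ?= or +=), and the function names and the sample configuration are constructed for illustration.

```python
import re

# One quoted assignment per line; anything else (comments, includes) is skipped.
ASSIGN = re.compile(r'^\s*([A-Za-z0-9_]+)\s*(\?=|\+=|=)\s*"(.*)"\s*$')
DOC_SAMPLE_PASSPHRASE = "my_secure_password"  # placeholder value from the page

def parse_conf(text):
    """Simplified local.conf reader (assumption: no overrides or includes)."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        name, op, value = m.groups()
        if op == "+=":
            conf[name] = (conf.get(name, "") + " " + value).strip()
        elif op == "=" or name not in conf:  # "?=" only sets an unset variable
            conf[name] = value
    return conf

def console_mode(text):
    """Return (mode, findings) for the TrustFence console settings in text."""
    conf = parse_conf(text)
    if "trustfence" not in conf.get("INHERIT", "").split():
        return "not-configured", ["trustfence class is not inherited"]
    if conf.get("TRUSTFENCE_CONSOLE_DISABLE") != "1":
        return "enabled", ["inheriting trustfence alone leaves the console enabled"]
    findings = []
    passphrase = conf.get("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE", "")
    gpio = conf.get("TRUSTFENCE_CONSOLE_GPIO_ENABLE") == "1"
    if passphrase:
        if gpio:
            findings.append("passphrase and GPIO both set: passphrase mode is used")
        if passphrase == DOC_SAMPLE_PASSPHRASE:
            findings.append("passphrase is the documentation sample value")
        findings.append("passphrase mode can be attacked by brute force")
        return "passphrase", findings
    if gpio:
        return "gpio", ["GPIO mode: physical access compromises the console"]
    return "disabled", findings

# Constructed sample: both optional modes present in one local.conf.
SAMPLE = '''INHERIT += "trustfence"
TRUSTFENCE_CONSOLE_DISABLE = "1"
TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = "correct horse battery staple"
TRUSTFENCE_CONSOLE_GPIO_ENABLE = "1"
'''

if __name__ == "__main__":
    print(console_mode(SAMPLE))
```

Other configuration files in a build can override conf/local.conf, so for a real image the values to check are the ones reported by `bitbake -e`.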