Secure console modes

phammanh · July 16, 2021, 8:41am

I follow the Secure console modes instruction and add these lines to conf/local.conf

#######
INHERIT += “trustfence”
TRUSTFENCE_CONSOLE_DISABLE = “1”
TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = “a”
#######

I update the new uboot (I do not update linux and rootfs) and try to press “a” when the module starts, but nothing happends. When I wait longer, the prompt for linux is shown:

#######
Digi Embedded Yocto 3.0-r4 ccimx6ulstarter /dev/ttymxc4

ccimx6ulstarter login:
#######

Is it normal behavior or I did something wrong?

Also, the instructions say that “The passphrase is not stored in the device so it cannot be obtained by reverse engineering, but it could be compromised by a brute force attack”. Where is the passphrase stored?

Thanks in advance.

LeonidM · July 16, 2021, 11:19am

perhaps try a longer password, I’d start with 6 characters.

> Where is the passphrase stored?
The passphrase is not stored anywhere, the image only contains the encrypted hash. When you enter the password, the system will generate an encrypted hash from the password you entered and compare it with the one it has stored. There is no way to recover the password by knowing the hash.

Topic		Replies	Views
Set up secure boot Linux linux , ccimx6ul	5	321	July 1, 2021
How can I verify Rootfs from U-Boot? Linux boot , secure , hab	3	558	December 11, 2019
Bad data CRC after enabled trustfence Linux bitbake , ccimx6ul , trustfence	3	380	July 22, 2020
Secure boot - building image by enabling trustfence-cst Linux firmware-update , security , yocto , trustfence	1	332	March 31, 2020
Why fails authenticating image? Linux yocto , trustfence	3	455	December 5, 2019

Secure console modes

Related Topics