The console is a common attack vector on an embedded product. You can enhance the security of the console, adapting it to your specific product requirements. Digi Embedded for Android allows you to configure the console in one of four modes:

  • Enabled (default)

  • Enabled with passphrase

  • Enabled with GPIO

  • Disabled

U-Boot console configuration options

See Customize U-Boot for more detailed information on how to modify the configuration.

Go to General setup > Console settings in your configuration tool of choice and define the following configuration variables:

  • CONSOLE_DISABLE: This setting disables the U-Boot input and output consoles and performs a silent boot into Linux. You can then choose whether to optionally enable the console in one of two exclusive methods:

    • CONSOLE_ENABLE_GPIO: Use this setting to enable the console when the selected GPIO is high at boot.

      • CONSOLE_ENABLE_GPIO_NR: Use an integer to identify the GPIO pin.

    • CONSOLE_ENABLE_PASSPHRASE: Use this setting to enable the console when the correct passphrase is used at boot time.

      • CONSOLE_ENABLE_PASSPHRASE_KEY: This is the SHA-256 hash of the passphrase in binary form. You can generate it using the following command:

        $ echo -n "mypassphrase" | sha256sum
        788006caf535441ad49e2747bb0edd0203f38a74caacf7c337fc1a9ecfa99cd8  -

How secure console works

When the console is enabled with passphrase or GPIO, the system boots with a silent console so that only introducing the passphrase or setting the GPIO high will enable it. Completely disabling the console without activating a passphrase or GPIO is the highest level of security. Doing so prevents the console from being enabled.

Enable console with passphrase

When this mode is used, the system boots with a silent console. However, the console will be enabled if the passphrase is typed immediately (followed by the Enter key) after U-Boot starts.

The passphrase is not stored in the device, which means it cannot be obtained by reverse engineering. However, it could be compromised by a brute force attack. Configure the following options to enable the console with passphrase:

CONSOLE_DISABLE
CONSOLE_ENABLE_PASSPHRASE
CONSOLE_ENABLE_PASSPHRASE_KEY

This option impacts boot time. The boot process is subject to the following timeouts:

  • 2 seconds per key press: If more than 2 seconds passes and the user did not enter any key, U-Boot aborts the password reading and keeps on booting (without enabling the console). On any key press, this timeout is reset.

  • 10 seconds for the full password: After 10 seconds (even if the user is still pressing keys), U-Boot aborts the password reading and boots without console. This is done to prevent denial of service (DoS) attacks and guarantee that the target will boot even if there is a continuous stream of input data in the serial port.

Enable console with GPIO

You can also configure the system to enable the console with a GPIO.

CONSOLE_DISABLE
CONSOLE_ENABLE_GPIO
CONSOLE_ENABLE_GPIO_NR
This is the least secure configuration. Physical access to the device will compromise the console access.

If passphrase and GPIO are enabled simultaneously, only passphrase will be used.

Define CONSOLE_ENABLE_GPIO_NR to the value of the GPIO pins available on the ConnectCore 8M Mini Development Kit GPIO expansion connector, as shown in the following table.

CONSOLE_ENABLE_GPIO_NR GPIO connector pin GPIO

0

3

GPIO1_10

1

5

GPIO1_11

2

7

GPIO1_13

3

9

GPIO1_14

When the selected GPIO is low, the console remains disabled; when it is high, the console is enabled.

Disable console

To fully disable the console, just set it without enabling any activation source.

CONSOLE_DISABLE