sched/nsh: Remove Hard-coded Default Password #18396
Abhishekmishra2808 wants to merge 3 commits into apache:master from
|
@Abhishekmishra2808 the Documentation and the board should be (each one) in a separated. Normally we separate the logic implementation from the board support and Documentation.
53b43ad to 0670d28
|
Thank you @Abhishekmishra2808 :-)
|
0670d28 to 0214816
|
Hi @cederom , I used AI tools only to help refine wording and improve clarity in the description, but the implementation, debugging, and testing were done by me.
|
@acassis I have fixed the changes suggested by you, and CI was failing because password generation was enabled in the defconfig files without setting a password. I have now removed
3412e4a to 0cccb7e
|
Hi @Abhishekmishra2808, please rebase first
0cccb7e to 9bc112a
|
hey @simbit18 ,
| #define DEFAULT_KEY1 0x12345678u | ||
| #define DEFAULT_KEY2 0x9abcdef0u | ||
| #define DEFAULT_KEY3 0x12345678u | ||
| #define DEFAULT_KEY4 0x9abcdef0u |
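Review bot: DEFAULT_KEY3 and DEFAULT_KEY4 repeat the values of DEFAULT_KEY1 and DEFAULT_KEY2, so the four words carry only 64 bits of distinct key material, and because they are fixed constants in the source, every image built with them shares one publicly known key. Take the key from configuration, and have the tool refuse or at least warn when the configured key equals these constants.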
@Abhishekmishra2808 please use the CONFIG_FSUTILS_PASSWD_KEY1-4 instead.
Also warn the user if these default values are used, so they need to change it.
Also we need to avoid "make savedefconfig" to save these CONFIG_FSUTILS_PASSWD_KEYx, otherwise the users can leak their password without being aware of it.
@raiden00pl @simbit18 @xiaoxiang781216 what do you think?
|
@Abhishekmishra2808 please normalize the boards/sim/sim/sim/configs/login/defconfig to fix the CI error, run:
$ ./tools/refresh.sh --silent sim:login
And then squash the modification to your previous commit
9bc112a to f9dff1a
| .. code:: console | ||
|
|
||
| $ grep <your-password> boards/<arch>/<chip>/<board>/src/etctmp.c | ||
| # must print nothing |
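Review bot: In the "grep <your-password> ..." line the password is used as a regular expression and typed on the command line, so a password containing characters such as ".", "*" or "[" can match or miss unexpectedly, and the plaintext ends up in shell history. Document "grep -F -e" with the password read into a shell variable instead, and state that the expected result is exit status 1 as well as empty output.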
@Abhishekmishra2808 could you please add at the end of this Documentation an explanation that, to avoid leaking the user password (CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD) and keys (CONFIG_FSUTILS_PASSWD_KEY1-4) when the user runs "make savedefconfig", they will not be saved in the defconfig. And if the user needs them in their local defconfig, they need to add them manually in their defconfig.
Thanks- addressed this in the latest commit.
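A check for the defconfig leak discussed in this review thread, as an added example that is not part of the PR or of NuttX: it scans defconfig files for the credential options named above that are set to a non-empty value and reports the option name without echoing the value. The function names and the sample defconfig are constructed for illustration.

```sh
#!/bin/sh
# Added example, not NuttX code. Option names are the ones named in the PR
# thread; function names and sample data are constructed for illustration.
CRED_RE='^CONFIG_(BOARD_ETC_ROMFS_PASSWD_PASSWORD|FSUTILS_PASSWD_KEY[1-4])='

# Print "file:line:OPTION" for each credential option set to a non-empty
# value. The value is never printed. Exit status is 1 if anything was found.
find_leaked_creds() {
  awk -v re="$CRED_RE" '
    $0 ~ re {
      eq = index($0, "=")
      name = substr($0, 1, eq - 1)
      value = substr($0, eq + 1)
      gsub(/^"|"$/, "", value)   # drop the surrounding quotes of a string option
      if (value != "") { printf "%s:%d:%s\n", FILENAME, FNR, name; hits++ }
    }
    END { exit (hits > 0) }
  ' "$@"
}

# Write FILE to stdout without the credential lines (what a defconfig that is
# safe to commit should look like).
strip_creds() {
  awk -v re="$CRED_RE" '$0 !~ re' "$1"
}

# Constructed sample: a defconfig where the options were added by hand.
demo=$(mktemp -d)
cat > "$demo/defconfig" <<'EOF'
CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE=y
CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD="constructed-example"
CONFIG_FSUTILS_PASSWD_KEY1=0x11111111
EOF
find_leaked_creds "$demo/defconfig" || echo "credential options present"
strip_creds "$demo/defconfig"
rm -rf "$demo"
```

Run as a pre-commit or CI step over the defconfig files being changed; a non-zero status from find_leaked_creds means a credential option is about to be committed.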
f9dff1a to 8dd55e8
|
@Abhishekmishra2808 you need to analyze the errors (just click on the task that failed) and scroll through the errors. Seems like many boards need to be normalized after that, just an example:
Saving the new configuration file
See here how to normalize many profiles at the same time (for a board, or a chip family, etc.): https://nuttx.apache.org/docs/latest/components/tools/refresh.html
8dd55e8 to c486112
|
Finally, CI turned green, ready to get final approvals :)
|
@raiden00pl please review again!
| endforeach() | ||
|
|
||
| message( | ||
| WARNING "CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD and" |
why not move to the first patch? the change should be completed in one patch
|
@Abhishekmishra2808 could you refine your patchset?
|
Introduce mkpasswd, a host tool for generating encrypted password files at build time using TEA encryption. This enables secure, credential-free firmware images while allowing build-time password configuration.

Changes:
* Add mkpasswd.c host tool for TEA-based password hashing and encryption
* Integrate mkpasswd into Make build system (tools/Makefile.host)
* Add CMake support for mkpasswd compilation and ROMFS passwd generation
* Add CONFIG_BOARD_ETC_ROMFS_PASSWD_* configuration options to Kconfig
* Implement credential exclusion from defconfig to prevent password leaking
* Update savedefconfig.cmake to strip sensitive credentials
* Handle common build infrastructure for passwd file auto-generation
* Implement default-key warning detection in mkpasswd tool only

This provides generic framework before per-board migrations.

Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>

Migrate boards from static /etc/passwd files to build-time generation:
* Remove static etc/passwd files from SIM and ESP32-C3-legacy boards
* Update board configurations to enable BOARD_ETC_ROMFS_PASSWD_ENABLE
* Configure SIM board with login demo user (admin/Administrator)
* Update board build rules to use newly generated passwd files
* Remove CMakeLists.txt dependency on static passwd in SIM

This completes the infrastructure migration for boards supporting login functionality.

Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>

Document the new mkpasswd-based password generation system and its integration with the build process.

Changes:
* Add comprehensive mkpasswd tool documentation to components/tools
* Update SIM board docs to explain generated passwd workflow
* Update ESP32-C3-legacy board docs for passwd generation
* Update RX65N board docs with credential handling guidance
* Document how to configure and use BOARD_ETC_ROMFS_PASSWD_* options
* Explain security benefits of build-time generation vs static files

Helps users understand password configuration and security implications.

Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
c486112 to 4585eb1
|
@xiaoxiang781216 Thanks for the review feedback. I've refined the patchset as requested and addressed all the comments you made, please check.
| $(Q) rm -f warning.tmp | ||
| $(Q) rm -f defconfig.tmp | ||
| $(Q) rm -f sortedconfig.tmp | ||
| $(Q) echo "WARNING: CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD was not saved in defconfig." |
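Review bot: The echo on the last line names only CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD, while the CMake message for the same operation also lists CONFIG_FSUTILS_PASSWD_KEY1-4, so the two build paths report different sets of excluded options. Make the texts agree, and since nothing in the visible lines conditions the echo, print it only when one of those options was actually present in .config.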
could you remove the warning
| WARNING "CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD and" | ||
| " CONFIG_FSUTILS_PASSWD_KEY1-4 were intentionally excluded from" | ||
| " defconfig by savedefconfig to avoid leaking credentials." | ||
| " Add them manually in local defconfig if needed.") |
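Review bot: This message(WARNING ...) states that the options "were intentionally excluded" with no visible check that either option was set, so every savedefconfig run would claim a credential was stripped. Record in the filtering code whether a line was actually dropped and emit the message only in that case; STATUS or NOTICE may also fit better than WARNING for an expected, intentional action.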
why always output warning
| $(call PREPROCESS, $<, $@) | ||
|
|
||
| $(ETCSRC): $(foreach raw,$(RCRAWS), $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw), $(if $(wildcard $(BOARD_COMMON_DIR)$(DELIM)$(raw)), $(BOARD_COMMON_DIR)$(DELIM)$(raw), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)))) $(RCOBJS) | ||
| $(ETCSRC): $(foreach raw,$(RCRAWS), $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw), $(if $(wildcard $(BOARD_COMMON_DIR)$(DELIM)$(raw)), $(BOARD_COMMON_DIR)$(DELIM)$(raw), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)))) $(RCOBJS) $(TOPDIR)$(DELIM).config $(TOPDIR)$(DELIM)tools$(DELIM)mkpasswd.c |
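Review bot: The prerequisite added at the end of the second $(ETCSRC) line is tools/mkpasswd.c, the source file, not the host binary the recipe runs, so a change to mkpasswd.c regenerates $(ETCSRC) but nothing in this rule rebuilds the tool first and a stale binary would produce the new passwd file. Depend on the built mkpasswd$(HOSTEXEEXT), with its own rule from mkpasswd.c, instead. The .config prerequisite is the useful one, since it forces regeneration when the password changes.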
don't need to add the dependency, since you build mkpasswd in action manually
| ifeq ($(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD),"") | ||
| $(error CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD must be set when BOARD_ETC_ROMFS_PASSWD_ENABLE is enabled. Run 'make menuconfig' to set a password.) | ||
| endif | ||
| $(Q) if [ ! -f $(TOPDIR)$(DELIM)tools$(DELIM)mkpasswd$(HOSTEXEEXT) ] || \ |
why need change the existence of mkpasswd? make will do it automatically
| ifeq ($(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD),) | ||
| $(error CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD must be set when BOARD_ETC_ROMFS_PASSWD_ENABLE is enabled. Run 'make menuconfig' to set a password.) | ||
| endif | ||
| ifeq ($(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD),"") |
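Review bot: The same $(error ...) is guarded by two separate ifeq tests, one for an empty expansion and one for the literal two-character string "", and neither catches a password that is only whitespace. A single test on the unquoted, stripped value, for example ifeq ($(strip $(subst ",,$(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD))),), covers all three cases in one place.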
remove the check since mkpasswd already does the check
|
|
||
| config BOARD_ETC_ROMFS_PASSWD_PASSWORD | ||
| string "Admin password (required)" | ||
| default "" |
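Review bot: BOARD_ETC_ROMFS_PASSWD_PASSWORD is a plain Kconfig string, so whatever is entered is written in cleartext to .config and to the config header generated from it, and the visible lines carry no help text saying so. Add a help entry stating where the value ends up and that savedefconfig excludes it; the explicit default "" is redundant for a string option and can go.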
remove the default value
|
|
||
| # Auto-generate /etc/passwd at build time if configured | ||
| if(CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE) | ||
| if("${CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD}" STREQUAL "") |
Summary
This PR introduces build-time generation of the /etc/passwd file for the ROMFS image when authentication is enabled.
Instead of relying on a static etc/passwd file embedded in the source tree, the passwd entry is now generated during the build using the configuration values:
* CONFIG_ETC_ROMFS_PASSWD_USER
* CONFIG_ETC_ROMFS_PASSWD_PASSWORD
* CONFIG_ETC_ROMFS_PASSWD_UID
* CONFIG_ETC_ROMFS_PASSWD_GID
* CONFIG_ETC_ROMFS_PASSWD_HOME
The generated passwd entry is written into the ROMFS staging directory and included in the firmware image.
Behavior
Authentication disabled
Authentication enabled
/etc/passwd automatically.
Password missing
CONFIG_ETC_ROMFS_GENPASSWD=y but the password is empty, the build fails with an explicit error.
This ensures that credentials are always explicitly configured when authentication is enabled and prevents firmware images from being built with empty passwords.
Security Improvement
Previously /etc/passwd could be included as a static file in the ROMFS source tree.
With this change, the credentials are generated at build time and must be explicitly configured, avoiding implicit or default credentials in firmware images.
Testing
Generated passwd entry
Plaintext password check

Build failure when password is empty