Hi, In an effort to mitigate a potential security vulnerability, I am attempting to disable u-boot Serial Console output which I am monitoring via FTDI. This can be done by modifying the source of U-Boot to configure the device for silent booting (https://github.com/rickyzhang82/u-boot4bbb/blob/master/doc/README.silent)
I am running Debian 9.9 Stretch IoT on a Beaglebone Black Wireless. Here is what I have done thus far: ------------------------------------------------- *Download U-boot* ----------------------------------------------- wget ftp://ftp.denx.de/pub/u-boot/u-boot-2019.04.tar.bz2 tar -xjf u-boot-2019.04.tar.bz2 cd u-boot-2019.04/ ## from https://rcn-ee.com/repos/git/u-boot-patches/ wget -c https://github.com/eewiki/u-boot-patches/raw/master/v2019.04/0001-am335x_evm-uEnv.txt-bootz-n-fixes.patch wget -c https://github.com/eewiki/u-boot-patches/raw/master/v2019.04/0002-U-Boot-BeagleBone-Cape-Manager.patch patch -p1 < 0001-am335x_evm-uEnv.txt-bootz-n-fixes.patch patch -p1 < 0002-U-Boot-BeagleBone-Cape-Manager.patch ------------------------------------------------- *Modify U-boot to disable console output* ------------------------------------------------- cd /u-boot-2019.04/include/configs vim am335x_evm.h (add bolded) *#define CONFIG_SILENT_CONSOLE* *#define CONFIG_SYS_DEVICE_NULLDEV* *#define CONFIG_SILENT_CONSOLE_UPDATE_ON_RELOC* … #define CONFIG_EXTRA_ENV_SETTINGS \ DEFAULT_LINUX_BOOT_ENV \ DEFAULT_MMC_TI_ARGS \ DEFAULT_FIT_TI_ARGS \ "bootpart=0:2\0" \ "bootdir=/boot\0" \ "bootfile=zImage\0" \ "board_eeprom_header=undefined\0" \ "fdtfile=undefined\0" \ *"silent=1\0" \* "console=ttyO0,115200n8\0" \ ------------------------------------------------- *Compile* ------------------------------------------------- cd ../.. make ARCH=arm CROSS_COMPILE=${CC} distclean make ARCH=arm CROSS_COMPILE=${CC} am335x_evm_defconfig make ARCH=arm CROSS_COMPILE=${CC} ls -l MLO u-boot.img ------------------------------------------------- *Update u-boot on image* ------------------------------------------------- dd if=MLO of=/dev/mmcblk1 bs=512 seek=256 count=256 conv=notrunc dd if=u-boot.img of=/dev/mmcblk1 bs=512 seek=768 count=1024 conv=notrunc ------------------------------------------------- *Reboot* ------------------------------------------------- However, the serial console which I am monitoring via FTDI cable still shows output. Any thoughts? I think the final step, where I update u-boot on my current image, may not be done correctly. Thank you, Robert -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/338616ba-39bb-4aff-88b9-59bbcc0f89fco%40googlegroups.com.
