Skip to content

{Bp 19321} !boards: enforce secure ROMFS passwd and TEA key setup#19348

Merged
acassis merged 1 commit into
apache:releases/13.0from
jerpelea:bp-19321
Jul 6, 2026
Merged

{Bp 19321} !boards: enforce secure ROMFS passwd and TEA key setup#19348
acassis merged 1 commit into
apache:releases/13.0from
jerpelea:bp-19321

Conversation

@jerpelea

@jerpelea jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

Remove implicit default credentials and add build-time validation. Add check_passwd_keys.sh and gen_passwd_keys.sh; run key setup via passwd_keys.mk before config.h is generated. Mirror the same logic in cmake/nuttx_add_romfs.cmake for CMake builds.

BREAKING CHANGE: Builds with CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE=y now require an explicit admin password and non-default TEA keys. The Kconfig default password "Administrator" and default TEA keys are no longer accepted. Fix: run make menuconfig, set Admin password under Board Selection -> Auto-generate /etc/passwd, enable random TEA keys or set CONFIG_FSUTILS_PASSWD_KEY1..4 manually, and use NSH login with Encrypted password file verification.

Impact

RELEASE

Testing

CI

Remove implicit default credentials and add build-time validation.
Add check_passwd_keys.sh and gen_passwd_keys.sh; run key setup via
passwd_keys.mk before config.h is generated. Mirror the same logic in
cmake/nuttx_add_romfs.cmake for CMake builds.

BREAKING CHANGE: Builds with CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE=y now
require an explicit admin password and non-default TEA keys. The
Kconfig default password "Administrator" and default TEA keys are no
longer accepted. Fix: run make menuconfig, set Admin password under
Board Selection -> Auto-generate /etc/passwd, enable random TEA keys or
set CONFIG_FSUTILS_PASSWD_KEY1..4 manually, and use NSH login with
Encrypted password file verification.

Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
@github-actions github-actions Bot added Area: Build system Size: L The size of the change in this PR is large labels Jul 6, 2026
@jerpelea

jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@cederom ping

@jerpelea

jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@acassis *** Aborting: CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD is not set. Stop.

@jerpelea

jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

this is the last patch before RC2 vote

@acassis

acassis commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@jerpelea that is the expected behavior when running locally without a defined password, the issue is how to get it working on CI? Maybe we can use kconfig tweak to step a temporary password to make it to pass or simply add this board config to be ignored be the CI

@jerpelea

jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@acassis please merge

@cederom

cederom commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@acassis: @jerpelea that is the expected behavior when running locally without a defined password, the issue is how to get it working on CI? Maybe we can use kconfig tweak to step a temporary password to make it to pass or simply add this board config to be ignored be the CI

Hmm, or just use random key each time then user does not select its own key? That should improve security and fix the ci errors? :-P

@acassis

acassis commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@acassis: @jerpelea that is the expected behavior when running locally without a defined password, the issue is how to get it working on CI? Maybe we can use kconfig tweak to step a temporary password to make it to pass or simply add this board config to be ignored be the CI

Hmm, or just use random key each time then user does not select its own key? That should improve security and fix the ci errors? :-P

This is what the gen_passwd_key.sh does, but the error is raised because the config is not set with a password

@acassis acassis merged commit f5291a8 into apache:releases/13.0 Jul 6, 2026
28 of 80 checks passed
@jerpelea jerpelea deleted the bp-19321 branch July 6, 2026 15:05
@jerpelea

jerpelea commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@acassis do you want to open a PR or we cut RC2 as it is?

@acassis

acassis commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

I think everything is done!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Area: Build system Size: L The size of the change in this PR is large

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants