Disable USB, Serial and DOCSIS Support
To disable USB support in U-Boot, following config’s shall not be defined:
CONFIG_CMD_USB: Enables basic USB support and the usb command. CONFIG_USB_UHCI: Defines the lowlevel part. CONFIG_USB_KEYBOARD: Enables the USB Keyboard. CONFIG_USB_STORAGE: Enables the USB storage devices. CONFIG_USB_HOST_ETHER: Enables USB Ethernet adapter support.
In addition, disable unnecessary communication modes like Ethernet, Serial ports, DOCSIS in U-Boot and sboot that are not necessary.
Linux Kernel support for USB should be compiled-out if not required. If it is needed, the Linux Kernel should be configured to only enable the minimum required USB devices. User-initiated USB-filesystems should be treated with special care. Whether or not the filesystems are mounted in userspace (FUSE), restricted mount options should be observed.
||Disabled and Compiled-out if not required.|
||Else, Kernel should be configured to only enable the minimum required USB devices and filesystems should be treated with special care.|
|Boot-Communication-4||U-boot and sboot
Disable all unused Network Interfaces
Only used network interfaces should be enabled. Where possible, services should also be limited to those necessary.
||Preferably no network interface is allowed, otherwise, restrict the services to those used.|
Remove or Disable Unnecessary Services, Ports, and Devices
devices to those used.
Disable flash access
In U-Boot following flash memory commands shall be disabled:
NAND: Support for nand flash access available through
do_nand has to be disabled.
Similarly sboot should disable flash access support through command line if any.