Disable RPC channels at runtime

General
#1
  1. My goal is: allow setting of config variables via UART for provisioning and licensing a mongose-os device at my factory, then disabling the RPC channel over UART to prevent reading of config over UART.
  2. My actions are: I include (enable) libs in my mos.yml: rpc-uart, rpc-service-config, rpc-service-ota, rpc-service-fs.
  3. The result I see is: I can set and get config via UART and I can run “mos license” successfully. But then UART can be exploited by anyone in the field to change config.
  4. My expectation & question is: Can I disable rpc-uart at runtime after my factory has completed provisioning the device?

Perhaps from my c code I call mgos_sys_config_set_rpc_uart_uart_no(-1) to disable the UART for RPC commands. Or maybe run “mos config-set rpc.uart.uart_no=-1”.

How to implement RPC Security
#2

According to the source code, mos config-set rpc.uart.uart_no=-1 will disable the UART RPC channel.

Did you consider to enable rpc authentication?

#3

Yes. I am using Digest Authentication with RPC. I just wanted to know if I needed to really lock-down the system, how to disable the UART channel entirely. Both mechanisms - authentication and uart_no=-1 work well.