Roger-random
commented
5 years ago Chat discussion says to address this by adding an option for the user to skip autoexec by holding down a button. An implementation that responds to holding down START has been implemented and awaiting review as PR #65
If there is an autoexec.elf present, IPL will try to run it on startup. If the autoexec.elf is bad (with an infinite loop) it also freezes up IPL. While in this state, the badge will not work as a USB mass storage device.
If the user reboots the badge, they're back in the same place and they can't access flash to delete the bad autoexec.elf.
How to get out of it: Modify IPL source code so it looks for some file name other than autoexec.elf. (Preferably an elf that will exit properly, or one that does not exist.) Flash that IPL and reboot the badge to restore access to USB mass storage.
Do we care about putting in any additional mitigation? It is certainly an option for us to say "Yep, it'll happen, and that's how you get out of it."