apache · Abhishekmishra2808 · Feb 15, 2026 · cederom · Feb 15, 2026 · linguini1
@@ -491,21 +491,22 @@ mounted at /etc and will look like this at run-time:
    nsh>
 
 ``/etc/init.d/rc.sysinit`` is system init script; ``/etc/init.d/rcS`` is the
-start-up script; ``/etc/passwd`` is a the password file. It supports a single
-user:
+start-up script; ``/etc/passwd`` is the password file.
 
-.. code:: text
+The ``/etc/passwd`` file is auto-generated at build time when
+``CONFIG_ETC_ROMFS_GENPASSWD`` is enabled.  To configure the admin user and
+password, run ``make menuconfig`` and set:
 
-   USERNAME:  admin
-   PASSWORD:  Administrator
+* ``CONFIG_ETC_ROMFS_GENPASSWD=y``
+* ``CONFIG_ETC_ROMFS_PASSWD_USER`` (default: ``admin``)
+* ``CONFIG_ETC_ROMFS_PASSWD_PASSWORD`` (required, build fails if empty)
 
-   nsh> cat /etc/passwd
-   admin:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/
+The password is hashed with TEA at build time using
+``tools/mkpasswd.py``; the plaintext is **not** stored in the firmware.
 
-The encrypted passwords in the provided passwd file are only valid if the TEA
-key is set to: 012345678 9abcdef0 012345678 9abcdef0. Changes to either the key
-or the password word will require regeneration of the ``nsh_romfimg.h`` header
-file.
+The encrypted passwords are only valid if the TEA key matches the one
+configured in ``CONFIG_FSUTILS_PASSWD_KEY1..4`` (default:
+``012345678 9abcdef0 012345678 9abcdef0``).
 
 The format of the password file is:
 

@@ -23,18 +23,22 @@ README
     nsh>
 
   /etc/init.d/rc.sysinit is system init script; /etc/init.d/rcS is the start-up
-  script; /etc/passwd is a the password file.  It supports a single user:
+  script; /etc/passwd is the password file.
 
-    USERNAME:  admin
-    PASSWORD:  Administrator
+  The /etc/passwd file is auto-generated at build time when
+  CONFIG_ETC_ROMFS_GENPASSWD is enabled.  To configure the admin user and
+  password, run 'make menuconfig' and set:
 
-    nsh> cat /etc/passwd
-    admin:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/
+    CONFIG_ETC_ROMFS_GENPASSWD=y
+    CONFIG_ETC_ROMFS_PASSWD_USER (default: admin)
+    CONFIG_ETC_ROMFS_PASSWD_PASSWORD (required, build fails if empty)
 
-  The encrypted passwords in the provided passwd file are only valid if the
-  TEA key is set to:  012345678 9abcdef0 012345678 9abcdef0.  Changes to either
-  the key or the password word will require regeneration of the nsh_romfimg.h
-  header file.
+  The password is hashed with TEA at build time using tools/mkpasswd.py;
+  the plaintext is NOT stored in the firmware image.
+
+  The encrypted passwords are only valid if the TEA key matches the one
+  configured in CONFIG_FSUTILS_PASSWD_KEY1..4 (default:
+  012345678 9abcdef0 012345678 9abcdef0).
 
   The format of the password file is:
 

@@ -2008,24 +2008,22 @@ mounted at ``/etc`` and will look like this at run-time:
    nsh>
 
 ``/etc/init.d/rc.sysinit`` is system init script; ``/etc/init.d/rcS`` is the
-start-up script; ``/etc/passwd`` is a the password file. It supports a single
-user:
+start-up script; ``/etc/passwd`` is the password file.
 
-.. code:: text
-
-   USERNAME:  admin
-   PASSWORD:  Administrator
-
-.. code:: console
+The ``/etc/passwd`` file is auto-generated at build time when
+``CONFIG_ETC_ROMFS_GENPASSWD`` is enabled.  To configure the admin user and
+password, run ``make menuconfig`` and set:
 
-   nsh> cat /etc/passwd
-   admin:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/
+* ``CONFIG_ETC_ROMFS_GENPASSWD=y``
+* ``CONFIG_ETC_ROMFS_PASSWD_USER`` (default: ``admin``)
+* ``CONFIG_ETC_ROMFS_PASSWD_PASSWORD`` (required, build fails if empty)
 
-The encrypted passwords in the provided passwd file are only valid if the
-TEA key is set to: 012345678 9abcdef0 012345678 9abcdef0.
+The password is hashed with TEA at build time using
+``tools/mkpasswd.py``; the plaintext is **not** stored in the firmware.
 
-Changes to either the key or the password word will require regeneration of the
-``nsh_romfimg.h`` header file.
+The encrypted passwords are only valid if the TEA key matches the one
+configured in ``CONFIG_FSUTILS_PASSWD_KEY1..4`` (default:
+``012345678 9abcdef0 012345678 9abcdef0``).
 
 The format of the password file is:
 

@@ -35,6 +35,19 @@ $(ETCSRC): $(foreach raw,$(RCRAWS), $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DEL
 	  $(shell rm -rf $(ETCDIR)$(DELIM)$(raw)) \
 	  $(shell mkdir -p $(dir $(ETCDIR)$(DELIM)$(raw))) \
 	  $(shell cp -rfp $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw), $(if $(wildcard $(BOARD_COMMON_DIR)$(DELIM)$(raw)), $(BOARD_COMMON_DIR)$(DELIM)$(raw), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw))) $(ETCDIR)$(DELIM)$(raw)))
+ifeq ($(CONFIG_ETC_ROMFS_GENPASSWD),y)
+ifeq ($(CONFIG_ETC_ROMFS_PASSWD_PASSWORD),)
+	$(error CONFIG_ETC_ROMFS_PASSWD_PASSWORD must be set when ETC_ROMFS_GENPASSWD is enabled. Run 'make menuconfig' to set a password.)
+endif
+	$(Q) mkdir -p $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT)
+	$(Q) python3 $(TOPDIR)$(DELIM)tools$(DELIM)mkpasswd.py \
+		--user $(CONFIG_ETC_ROMFS_PASSWD_USER) \
+		--password $(CONFIG_ETC_ROMFS_PASSWD_PASSWORD) \
+		--uid $(CONFIG_ETC_ROMFS_PASSWD_UID) \
+		--gid $(CONFIG_ETC_ROMFS_PASSWD_GID) \
+		--home $(CONFIG_ETC_ROMFS_PASSWD_HOME) \
+		-o $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT)$(DELIM)passwd
+endif
 	$(Q) genromfs -f romfs.img -d $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT) -V "NSHInitVol"
 	$(Q) echo "#include <nuttx/compiler.h>" > $@
 	$(Q) xxd -i romfs.img | sed -e "s/^unsigned char/const unsigned char aligned_data(4)/g" >> $@

diff --git a/boards/risc-v/esp32c3-legacy/esp32c3-legacy-devkit/src/Make.defs b/boards/risc-v/esp32c3-legacy/esp32c3-legacy-devkit/src/Make.defs
@@ -46,7 +46,7 @@ endif
 
 ifeq ($(CONFIG_ETC_ROMFS),y)
   RCSRCS = etc/init.d/rc.sysinit etc/init.d/rcS
-  RCRAWS = etc/group etc/passwd
+  RCRAWS = etc/group
 endif
 
 DEPPATH += --dep-path board

diff --git a/boards/risc-v/esp32c3-legacy/esp32c3-legacy-devkit/src/etc/passwd b/boards/risc-v/esp32c3-legacy/esp32c3-legacy-devkit/src/etc/passwd
diff --git a/boards/sim/sim/sim/src/CMakeLists.txt b/boards/sim/sim/sim/src/CMakeLists.txt
@@ -77,7 +77,6 @@ if(CONFIG_ETC_ROMFS)
     etc/init.d/rc.sysinit
     RCRAWS
     etc/group
-    etc/passwd
     PATH
     ${CMAKE_CURRENT_BINARY_DIR}/etc)
 

@@ -56,7 +56,7 @@ endif
 
 ifeq ($(CONFIG_ETC_ROMFS),y)
   RCSRCS = etc/init.d/rc.sysinit etc/init.d/rcS
-  RCRAWS = etc/group etc/passwd
+  RCRAWS = etc/group
 endif
 
 ifeq ($(CONFIG_ARCH_BUTTONS),y)

@@ -282,6 +282,33 @@ function(process_all_directory_romfs)
   list(PREPEND RCSRCS ${board_rcsrcs} ${dyn_rcsrcs})
   list(PREPEND RCRAWS ${board_rcraws} ${dyn_rcraws})
 
+  # Auto-generate /etc/passwd at build time if configured
+  if(CONFIG_ETC_ROMFS_GENPASSWD)
+    if("${CONFIG_ETC_ROMFS_PASSWD_PASSWORD}" STREQUAL "")
+      message(
+        FATAL_ERROR
+          "CONFIG_ETC_ROMFS_PASSWD_PASSWORD must be set when"
+          " ETC_ROMFS_GENPASSWD is enabled."
+          " Run 'make menuconfig' to set a password.")
+    endif()
+
+    set(GENPASSWD_OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
+    add_custom_command(
+      OUTPUT ${GENPASSWD_OUTPUT}
+      COMMAND
+        ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/etc
+      COMMAND
+        ${Python3_EXECUTABLE} ${NUTTX_DIR}/tools/mkpasswd.py --user
+        "${CONFIG_ETC_ROMFS_PASSWD_USER}" --password
+        "${CONFIG_ETC_ROMFS_PASSWD_PASSWORD}" --uid
+        ${CONFIG_ETC_ROMFS_PASSWD_UID} --gid ${CONFIG_ETC_ROMFS_PASSWD_GID}
+        --home "${CONFIG_ETC_ROMFS_PASSWD_HOME}" -o ${GENPASSWD_OUTPUT}
+      COMMENT "Generating /etc/passwd from Kconfig values")
+    add_custom_target(generate_passwd DEPENDS ${GENPASSWD_OUTPUT})
+    list(APPEND RCRAWS ${GENPASSWD_OUTPUT})
+    list(APPEND dyn_deps generate_passwd)
+  endif()
+
   # init dynamic dependencies
 
   get_property(

@@ -623,6 +623,46 @@ config ETC_FATMOUNTPT
 		will mount a FAT FS under /tmp. This is the location where the FAT
 		FS will be mounted.  Default is "/tmp".
 
+config ETC_ROMFS_GENPASSWD
+	bool "Auto-generate /etc/passwd at build time"
+	default n
+	---help---
+		Generate the /etc/passwd file at build time from a user-supplied
+		password.  This avoids shipping a hard-coded default password
+		(CWE-798).  When enabled, the build will fail if no password
+		is configured, forcing each build to set its own credentials.
+
+if ETC_ROMFS_GENPASSWD
+
+config ETC_ROMFS_PASSWD_USER
+	string "Admin username"
+	default "admin"
+	---help---
+		The username for the auto-generated /etc/passwd entry.
+
+config ETC_ROMFS_PASSWD_PASSWORD
+	string "Admin password (required)"
+	default ""
+	---help---
+		The plaintext password for the auto-generated /etc/passwd entry.
+		This value is hashed with TEA at build time; the plaintext is NOT
+		stored in the firmware image.  The build will fail if this is left
+		empty.  Set this via 'make menuconfig'.
+
+config ETC_ROMFS_PASSWD_UID
+	int "Admin user ID"
+	default 0
+
+config ETC_ROMFS_PASSWD_GID
+	int "Admin group ID"
+	default 0
+
+config ETC_ROMFS_PASSWD_HOME
+	string "Admin home directory"
+	default "/"
+
+endif # ETC_ROMFS_GENPASSWD
+
 endif # ETC_ROMFS
 
 config RR_INTERVAL