This has been asked many times before, but a LONG time ago.
A patch for a password protection feature is here:
http://www.rockbox.org/tracker/task/10188, but only supports 4-digit passcodes and is a plugin, meaning that a reboot erases everything.
I am not suggesting an unbreakable security, just something that would take a determined hacker an hour or so to crack, and a layperson out indefinitely.
So, I boiled it down to this:
- password is configured in settings
- a separate program (for host computer) allows the DAP to be unlocked on USB by sending a special unlock key
- unlock key can be generated from settings
- RB (or ROLO) checks for passwords being enabled on boot, in config.cfg and asks for it if it finds it
- passwords are hashed securely (MD5 and SHA1 functions have already been written for RB) and stored in config.cfg
- USB is disabled when at the unlock screen so as to prevent editing of the config.cfg file
- something similar to the iOS delay feature (1 minute, 5 minutes, 15 min, 60 min, 24 hr, lockout)
- when the DAP has become locked out, the unlock program needs to be used to unlock it.
Does anyone besides me see a real need for this? If so, I could write it.
I understand that this goes against some aspects of freedom in that it could disable your hardware forever by accident, and the fact that there are some obvious backdoors around this (on iPod 6G, emCORE allows the data partition to be wiped), but it's better than nothing.