I was not aware of this "feature". After @rextended's note, I went looking and found this
Protected bootloader documentation.
"Protected bootloader
This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions. When this setting is enabled - both the reset button and the reset pin-hole is disabled. RouterBOOT menu is also disabled. The only ability to change boot mode or enable RouterBOOT settings menu, is through RouterOS. If you do not know the RouterOS password - only a complete format is possible."
And later it says:
protected-routerboot (enabled | disabled; Default: disabled) This setting disables any access to the RouterBOOT configuration settings over a console cable and disables operation of the reset button to change the boot mode (Netinstall will be disabled). Access to RouterOS will only be possible with a known RouterOS admin password. Unsetting of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to perform a complete reformat of both NAND and RAM with the following method, but you have to know the reset button hold time in seconds.
enabled - secure mode, only RouterOS can be accessed with a RouterOS admin password. Any user input from serial port is ignored. Etherboot is not available, RouterBOOT setting change is not possible.
disabled - regular operation, RouterBOOT settings available with serial console and reset button can be used to launch Netinstall
And then they added a "reformat-hold-button-max (5s .. 600s; Default: 10m) Increase the security even further by setting the max hold time, this means that you must release the reset button within a specified time interval. If you set t he "reformat-hold-button" to 60s and "reformat-hold-button-max" to 65s, it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible. Introduced in RouterBOOT 3.38.3
What if a disgruntled netadmin reset the prived passwords, and enable this? and what if reformat-hold-button-max was set to a value less than reformat-hold-button ? (perhaps not possible, I am not going to try). How could you recover?
I think this is a dangerous option. It shouldn't be possible to enable an option like this without physical access to the router. It enables remote bricking or turning a router into bot mode with no easy way to revert. I remember the BIOS passwords on PC mother boards that require a jumper to "reset" but it seems this doesn't even allow that option.
In the documentation there is a mention of enable-jumper-reset
and they show this "example"
[
admin@demo.mt.lv] /system routerboard settings> print
baud-rate: 115200
boot-delay: 2s
enter-setup-on: any-key
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 1200MHz
memory-frequency: 1066DDR
boot-protocol: bootp
enable-jumper-reset: yes
force-backup-booter: no
silent-boot: no
In this thread
How to reser RB4011 with Enable jumper reset off? this
response has a link to
Buttons and jumpers, with the implication that you can always reset. But I am not willing to try with my router.
My RB760iGS with 7.4
[demo@MikroTik] > /system/routerboard/print
routerboard: yes
board-name: hEX S
model: RB760iGS
serial-number: ---redacted---
firmware-type: mt7621L
factory-firmware: 6.46.4
current-firmware: 6.47.10
upgrade-firmware: 7.4
[demo@MikroTik] > /system/routerboard/settings/print
auto-upgrade: no
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 880MHz
memory-frequency: 1200DDR
boot-protocol: bootp
force-backup-booter: no
silent-boot: no
disable-pci: no
protected-routerboot: disabled
reformat-hold-button: 20s
reformat-hold-button-max: 10m
[demo@MikroTik] > /system/routerboard/reset-button/print
enabled: no
hold-time: 0s..1m
on-event:
[demo@MikroTik] > /system/routerboard/mode-button/print
enabled: no
hold-time: 0s..1m
on-event:
[demo@MikroTik] >
Is there an alternate bootloader version available without this "feature"?