[U-Boot] [PATCH 05/10] arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading

Simon Glass sjg at chromium.org
Wed Nov 7 01:16:10 CET 2012


Hi Wolfgang,

On Sat, Nov 3, 2012 at 5:30 AM, Wolfgang Denk <wd at denx.de> wrote:
> Dear Simon Glass,
>
> In message <1351813330-23741-5-git-send-email-sjg at chromium.org> you wrote:
>> This option delays loading of the environment until later, so that only the
>> default environment will be available to U-Boot.
>>
>> This can address the security risk of untrusted data being used during boot.
>>
>> When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
>> run-time way of enabling loading of the environment. Add this to the
>> fdt as /config/delay-environment.
>
> Please explain what exactly this is good for, or which exact "security
> risks" this is supposed to fix.

Any time you load untrusted data you expose yourself to a bug in the
code. The attacker gets to choose the data so can sometimes carefully
craft it to exploit a bug. We try to avoid touching user-controlled
data during a verified boot unless strictly necessary. Since the
default environment is good enough in this case (or you would just
change it), this gets around the problem by just not loading the
environment.

>
> As is, I strongly tend to NAK this.
>
> Best regards,
>
> Wolfgang Denk

Regards,
Simon

>
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
> In the beginning, there was nothing, which exploded.
>                                 - Terry Pratchett, _Lords and Ladies_
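To make the argument in Simon's reply concrete, here is an added example (not U-Boot code and not part of the patch under discussion) modelling the gate the patch describes: the environment blob from storage is only imported when the build-time option and a runtime flag allow it, otherwise the compiled-in defaults are used and the attacker-controlled bytes are never parsed. The blob layout is modelled on U-Boot's on-flash environment (a CRC32 followed by NUL-separated `name=value` strings, double-NUL terminated); the `delay_env` bool standing in for the `/config/delay-environment` fdt property, the tiny `ENV_SIZE`, the sample environments and all function names are assumptions made for the example. The checks inside `env_import()` are exactly the code that runs on untrusted data, which is what skipping the load avoids.

```c
/* Added example, not U-Boot code: a model of the "delay environment" gate. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENV_SIZE 64                 /* constructed: tiny env for the example */
#define CONFIG_DELAY_ENVIRONMENT 1  /* assumed build option */

/* Compiled-in default environment (constructed), double-NUL terminated. */
static const char default_env[] = "bootdelay=2\0bootcmd=run verified_boot\0";

struct env {
    char data[ENV_SIZE];
    size_t len;
    bool from_storage;   /* true only if the external blob was imported */
};

/* CRC-32 (IEEE 802.3), bitwise, covering the data that follows the header. */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/*
 * Import a stored blob laid out as [4-byte LE CRC][name=value\0 ...\0].
 * Returns 0 on success, -1 on any malformed input.  Every check here runs
 * on attacker-controlled bytes: this is the surface the gate keeps closed.
 */
static int env_import(const uint8_t *blob, size_t blob_len, struct env *out)
{
    if (blob_len < 4 || blob_len - 4 > ENV_SIZE)
        return -1;
    const uint8_t *data = blob + 4;
    size_t dlen = blob_len - 4;
    uint32_t stored = (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
                      (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
    if (crc32_buf(data, dlen) != stored)
        return -1;
    size_t i = 0;   /* walk "name=value\0" entries until the empty entry */
    while (i < dlen && data[i] != '\0') {
        const uint8_t *end = memchr(data + i, '\0', dlen - i);
        if (!end || !memchr(data + i, '=', (size_t)(end - (data + i))))
            return -1;
        i = (size_t)(end - data) + 1;
    }
    if (i >= dlen)  /* no terminating NUL inside the blob */
        return -1;
    memcpy(out->data, data, i + 1);
    out->len = i + 1;
    out->from_storage = true;
    return 0;
}

static void env_use_default(struct env *out)
{
    memcpy(out->data, default_env, sizeof(default_env));
    out->len = sizeof(default_env);
    out->from_storage = false;
}

/*
 * The gate.  delay_env models the fdt /config/delay-environment flag (an
 * assumption): when the option is built in and the flag is set, the blob is
 * never looked at.  A blob that fails import also falls back to defaults.
 * Returns true only when the external environment was actually imported.
 */
static bool env_load(const uint8_t *blob, size_t blob_len, bool delay_env,
                     struct env *out)
{
    if (CONFIG_DELAY_ENVIRONMENT && delay_env) {
        env_use_default(out);
        return false;
    }
    if (env_import(blob, blob_len, out) != 0)
        env_use_default(out);
    return out->from_storage;
}

/* Look up a variable in an imported or default env; NULL if absent. */
static const char *env_get(const struct env *e, const char *name)
{
    size_t nlen = strlen(name);
    for (size_t i = 0; i < e->len && e->data[i]; i += strlen(e->data + i) + 1)
        if (!strncmp(e->data + i, name, nlen) && e->data[i + nlen] == '=')
            return e->data + i + nlen + 1;
    return NULL;
}

/* Build a well-formed blob for a payload (constructed helper for demos). */
static size_t make_blob(const char *payload, size_t plen, uint8_t *buf)
{
    uint32_t c = crc32_buf((const uint8_t *)payload, plen);
    buf[0] = (uint8_t)c;         buf[1] = (uint8_t)(c >> 8);
    buf[2] = (uint8_t)(c >> 16); buf[3] = (uint8_t)(c >> 24);
    memcpy(buf + 4, payload, plen);
    return plen + 4;
}

int main(void)
{
    static const char stored[] = "bootdelay=0\0foo=bar\0";  /* constructed */
    uint8_t blob[ENV_SIZE + 4];
    size_t n = make_blob(stored, sizeof(stored), blob);
    struct env e;
    bool imported = env_load(blob, n, true, &e);   /* gate closed */
    printf("delayed: imported=%d bootdelay=%s\n", imported, env_get(&e, "bootdelay"));
    imported = env_load(blob, n, false, &e);       /* gate open */
    printf("loaded:  imported=%d bootdelay=%s\n", imported, env_get(&e, "bootdelay"));
    return 0;
}
```

With the gate closed, `env_load()` returns the defaults without ever computing the CRC or walking the entries, so a malformed blob cannot reach the parser; with the gate open, the blob is validated and any failure (bad CRC, missing terminator, entry without `=`) falls back to the defaults rather than leaving partially parsed data in use.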