[U-Boot] [PATCH 05/10] arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading

Lucas Stach dev at lynxeye.de
Fri Jan 18 13:06:06 CET 2013


On Thursday, 01.11.2012, at 16:42 -0700, Simon Glass wrote:
> This option delays loading of the environment until later, so that only the
> default environment will be available to U-Boot.
> 
> This can address the security risk of untrusted data being used during boot.
> 
> When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
> run-time way of enabling loading of the environment. Add this to the
> fdt as /config/delay-environment.
> 
It's really unfortunate to only realize this after the final release of
v2013.01 as I haven't tested the -rc3, but this breaks environment for
almost all Tegra boards. I haven't checked all of them, but the ones I
looked at have CONFIG_OF_CONTROL defined, but no load-environment node
in the FDT.

So they're all going straight into "secure boot" mode, because of the
bogus standard value of not allowing env to load, which is probably not
what most people want.

Regards,
Lucas
> ---
[...]
>  /*
> - ************************************************************************
> + * Tell if it's OK to load the environment early in boot.
> + *
> + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see
> + * if this is OK (defaulting to saying it's not OK).
> + *
> + * NOTE: Loading the environment early can be a bad idea if security is
> + *       important, since no verification is done on the environment.
> + *
> + * @return 0 if environment should not be loaded, !=0 if it is ok to load
> + */
> +static int should_load_env(void)
> +{
> +#ifdef CONFIG_OF_CONTROL
> +	return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0);
> +#elif defined CONFIG_DELAY_ENVIRONMENT
> +	return 0;
> +#else
> +	return 1;
> +#endif
> +}
> +
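Review bot: In the CONFIG_OF_CONTROL branch of should_load_env(), the fallback passed to fdtdec_get_config_int() is 0, so a board that defines CONFIG_OF_CONTROL but has no "load-environment" property stops loading its environment even when CONFIG_DELAY_ENVIRONMENT is not defined. The restrictive default should be tied to the opt-in option: pass 0 as the fallback only when CONFIG_DELAY_ENVIRONMENT is defined and 1 otherwise, so that existing device trees keep their current behaviour and only boards that ask for delayed loading get it. Two naming points in the same hunk: the comment refers to CONFIG_OF_CONFIG while the #ifdef tests CONFIG_OF_CONTROL, and the commit message documents the property as /config/delay-environment while the code reads "load-environment". Please make the comment, the commit message and the code agree on one name and one polarity.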
[...]


