[U-Boot] [swupdate] Re: SWUpdate - U-Boot environment library dependency

Wolfgang Denk wd at denx.de
Wed Nov 21 11:45:20 UTC 2018


Dear Stefano,

In message <9efc8990-118c-d5b9-802d-8190db2326d3 at denx.de> you wrote:
>
> True, but this has side effect and limitation. You cannot change a
> variable in the default environment if you need it because you do not
> know it. If some changes are needed, even if for very small things like
> activating a gpio before booting, you need to update the bootloader.

Just my words.  (Mis) using the default environment for such
purposes is broken by design.

Let's get rid of this!

> Moving to shared library should be done in U-Boot project, then. Some
> changes are then required, at least how the environment is locked (it is
> not clean as it is done now - locking should be done by the library and
> not by the caller).

Speaking of security...  shared libraries open a number of new
attack vectors, too...

> > In a secure boot environment, you cannot allow to load the environment
> > from an untrusted source. We need a default environment in this case.
>
> Or you make that changes are trusted.

Right, when we sign (and check the signatures) of all other images,
then why not do the very same for some environment image?

That would even be _better_ as currently there is no, absolutely no
check if the builtin default environment is in any way consistent.


Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"This is a test of the Emergency Broadcast System. If this had been an
actual emergency, do you really think we'd stick around to tell you?"

