[U-Boot] [PATCH v4 0/3] env: Add CONFIG_ENV_FULL_SUPPORT

Wolfgang Denk wd at denx.de
Tue Oct 8 11:09:53 UTC 2019


Dear Tom,

In message <20191007223650.GR6716 at bill-the-cat> you wrote:
> 
> > Do I understand correctly that all of this is obsolete and no longer
> > needed after Tom's commit d90fc9c3de ``Revert "env: solve
> > compilation error in SPL"'' ?
>
> So, I think there's a new topic here.  I seem to recall a concern from
> the previous thread that we could have less restrictive environment
> protections in SPL/TPL than we do in full U-Boot and thus open ourselves
> to a potential problem.  As of today, U-Boot is back to where it was
> prior to the problematic patch being applied.  But do we not have the
> potential problem above and thus need to evaluate the rest of the
> series (as the revert was largely the same as the first patch in the
> series) ?  Thanks!

The (potential) problem of having less restrictive/secure code in
SPL than in U-Boot proper resulted from the fact that the patch
series allowed different configurations of the U-Boot environment
features in these stages.

After the revert of the original problem, I don't see the need for
any such configuration, so if we simply do nothing we are as secure
as we have been before.

When accepting this new patch series, a full review of the impacts
(size, security) is needed.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
In an infinite universe all things are possible, including the possi-
bility that the universe does not exist.
                        - Terry Pratchett, _The Dark Side of the Sun_

