Locking down U-Boot env with ENV_WRITEABLE_LIST

[Tim Harvey]

On Fri, Mar 26, 2021 at 11:34 AM Marek Vasut <marex at denx.de> wrote:
>
> On 3/26/21 7:15 PM, Tim Harvey wrote:
> > Greetings,
>
> Hi,
>
> > I'm trying to understand best how to lock down a U-Boot environment
> > using ENV_WRITEABLE_LIST=y.
> >
> > My understanding is that I should define all vars that I wish to be
> > able to be loaded from a FLASH env in CONFIG_ENV_FLAGS_LIST_DEFAULT. I
> > would think this would be something in Kconfig but it's not so I
> > wonder if I'm misunderstanding something or if I truly need to patch a
> > config.h when using this feature.
>
> You do need to patch board config in include/configs/ , since the flags
> were note converted to Kconfig. And make sure you only use integer or
> bool vars, since strings might contain scripts, which you want to avoid.
>
> > What is the best way to actively see your static U-Boot env that gets
> > linked into U-Boot? I can see it with a hexdump but there must be a
> > better way by looking at an include file?
>
>  From running u-boot, => env print
>
> > What is the best way to set the list of vars that you wish to be
> > allowed to be imported from a FLASH env?
>
> Ideally none, and if you really want to make sure something can be
> pulled in from external env, then:
> #define CONFIG_ENV_FLAGS_LIST_STATIC "var1:dw,var2:dw"

Marek,

I can't seem to understand CONFIG_ENV_FLAGS_LIST_STATIC vs
CONFIG_ENF_FLAGS_LIST_DEFAULT. The code seems convoluted and
experimentally I am just as confused.

It seems that as soon as you define CONFIG_ENV_WRITEABLE_LIST=y then
all variables defined elsewhere (ie CONFIG_EXTRA_ENV_SETTINGS
CONFIG_BOOTCOMMAND) can no longer be imported from an env (they are
present if you clobber your flash env but not if anything is written
to it).

I quite simply want only the following environment:
kernel_addr_r=0x02000000
mmcbootpart=4
ustate=1
bootcmd setenv bootargs root=/dev/mmcblk0p${mmcbootpart} rootwait rw;
load mmc 0:${mmcbootpart} ${kernel_addr_r} boot/kernel.itb && bootm
${kernel_addr_r} - ${fdtcontroladdr}

and the only variables with flags I want to be able to be overridden
from MMC_ENV are:
mmcbootpart:dw
usate:dw

It is too bad this can't be done via defconfig - perhaps when I
finally understand it I can submit a patch to move it to Kconfig.

>
> And those config options I had enabled in u-boot defconfig:
>
> CONFIG_CMD_ENV_CALLBACK=y
> CONFIG_CMD_ENV_FLAGS=y
> CONFIG_ENV_IS_NOWHERE=y
> CONFIG_ENV_IS_IN_MMC=y
> CONFIG_ENV_APPEND=y
> CONFIG_ENV_WRITEABLE_LIST=y
> CONFIG_ENV_ACCESS_IGNORE_FORCE=y

Do you really define both ENV_IS_NOWHERE and ENV_IS_IN_MMC? From what
I see if you define ENV_IS_NOWHERE none of the others will be used.

Best regards,

Tim