[RFC] disable NFS support by default

Tom Rini trini at konsulko.com
Tue Jun 13 20:41:34 CEST 2023


On Tue, Jun 13, 2023 at 11:52:16AM +0100, Peter Robinson wrote:

> While NFS is widely used in data centres, and private
> networks it's quite a nuanced usecase for device firmware.
> A lot of devices already disable it.
> 
> Various network protocols should really be opt in, not opt
> out, because they add extra size and are potential attack
> vectors from a security PoV. In the NFS case it doesn't
> really make sense for a lot of devices like tables, SBCs etc.
> It's also something we don't really want for SystemReady-IR
> due to security concerns.
> 
> Signed-off-by: Peter Robinson <pbrobinson at gmail.com>
> ---
> 
> This is a RFC to start a discussion around things like NFS,
> with the addistion of old protocols like NFSv1 that were never 
> publicly released [1] we really shouldn't be enabling this by
> default.
> 
> I am aware it will likely break the functionality for users
> that do use the various versions of NFS but it's straight forward
> to add CMD_NFS as an explicit config. It's for this reason I
> label the patch as RFC.
> 
> There was about a 5Kb saving here when I tested a build with
> pinebook-pro-rk3399.
> 
> Peter
> 
> [1] https://en.wikipedia.org/wiki/Network_File_System
[snip]

This is probably fine, honestly. I don't see any environments that
default to making use of NFS within U-Boot (which is not the same as
nfsroot for Linux, which a number of platforms have options for by
default).

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230613/1fea12e8/attachment.sig>


More information about the U-Boot mailing list