How to avoid the need to run 'env default' command on modified env variable

Tue Aug 12 21:24:36 CEST 2025

On Mon, Aug 11 2025, Mircea Carausu <mcarausu at gmail.com> wrote:

> Hi Quentin,
> Thank you for your reply.
> I wish it would be that simple:
> - as mentioned we are using RAUC for firmware upgrade (https://rauc.io/)
> and A/B partitions. RAUC needs some u-boot env variables to point to the
> active slot to load and it maintains a retry count.
> (all of this is implemented with help from u-boot env variables, which have
> to be writable).
> I thought of erasing the entire u-boot env or corrupting the CRC signature
> to force loading the defaults. I can do that from Linux also - prior to
> reboot.

You could/should have a post-install hook that takes care of updating the
U-Boot env after you've installed the new bootloader.

But, why are these "critical variables" _variables_ in the first place?
Can you explain what they are used for and how, and why the consuming
code in U-Boot reads them from the environment?

We also use RAUC, but we've mostly abandoned the use of the U-Boot
environment for the RAUC bookkeeping variables, as a writable
environment is fundamentally incompatible with secure boot. I.e., we
still use that for POC projects, but eventually we do something
else. So this problem is mostly moot for us (as our U-Boot env is static
and built-in), but we did use to have logic for updating it: We use the
DEFAULT_ENV_FILE mechanism for defining the whole environment in a text
file, and as part of generating that, we also generate a version of it
that can be used in such a post-install hook. Quoting from our Yocto
meta-data:

    # uboot-env.txt will be used below, and by the u-boot recipe
    # itself to create the built-in environment. For both mkenvimage
    # and u-boot's build system, it has to be in "var=value"
    # format.

    # An unset variable is indistinguishable from one with an empty
    # value, at least in the U-boot shell, so comment out definitions
    # of such variables. [*]

    sed -e 's/^\([^=]*=\)$/# \1/' ${S}/uboot.txt > ${S}/uboot-env.txt

    # Create version suitable as a "script" to fw_setenv: Replace
    # first = by a space.

    # When updating the bootloader, we do not replace the environment
    # with the vanilla environment from this recipe, as that would
    # wipe RAUC status and other things that should not get
    # removed. Instead, we run fw_setenv with uboot-env.update as -s
    # argument. The effect is that variables set in this environment
    # take effect, while those that are not mentioned here are
    # preserved (RAUC status, maybe eth address, device serial number,
    # etc.).

    # This is not perfect, but just a reasonable heuristic. In any
    # case, updating the bootloader should be handled with great care.

    # If a "run-time" variable should explicitly be deleted by the
    # update, assign an empty value. This is also the reason for [*]
    # above: If we had an empty definition of foobar in the original
    # environment, and the update has the same environment, fw_setenv
    # would react to the empty value for foobar by deleting it, so the
    # update wouldn't really be a no-op.

    sed -e 's/=/ /' ${S}/uboot.txt > ${S}/uboot-env.update

Rasmus