[PATCH v1] env: Kconfig: disable external env in secure os boot
Tom Rini
trini at konsulko.com
Fri Oct 17 15:58:00 CEST 2025
On Fri, Oct 17, 2025 at 09:28:58AM +0530, Anshul Dalal wrote:
> On Fri Oct 17, 2025 at 3:37 AM IST, Tom Rini wrote:
> > On Thu, 09 Oct 2025 18:04:34 +0530, Anshul Dalal wrote:
> >
> >> Falcon mode uses falcon_image_file from the env during mmc fs boot, but
> >> external env can be compromised. Therefore disable access to external
> >> env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
> >>
> >>
> >
> > Applied to u-boot/master, thanks!
> >
> > [1/1] env: Kconfig: disable external env in secure os boot
> > commit: 1e470ddd0743bbd1f229421e11e9ad2093f7fd20
>
> Hi Tom,
>
> Unfortunately the patch this depends on[1] has not been merged yet.
> Essentially as master stands now, we are disabling env based on
> SPL_OS_BOOT_SECURE even though that config isn't defined anywhere.
>
> I'm working on addressing your comments[2] on my last series disabling
> fallback in falcon mode and will duly post a revision, in the meantime
> could we just merge the [1/7] of that series and I'll remove it form the
> rest of the series in the revision?
So, whoops. However, in Kconfig evaluation of "depends on
!DOES_NOT_EXIST" is true, so there's no functional breakage here.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20251017/ddd5f08f/attachment.sig>
More information about the U-Boot
mailing list