[PATCH v3 1/2] env: migrate static flags list to Kconfig
Jan Kiszka
jan.kiszka at siemens.com
Tue May 12 07:09:51 CEST 2026
On 11.05.26 20:20, James Hilliard wrote:
> Environment callbacks can already be configured from Kconfig with
> CONFIG_ENV_CALLBACK_LIST_STATIC, but static environment flags still
> require board headers to define CFG_ENV_FLAGS_LIST_STATIC.
>
> Add CONFIG_ENV_FLAGS_LIST_STATIC and use it as the only board-provided
> static environment flags list. Convert the remaining default-config users
> from CFG_ENV_FLAGS_LIST_STATIC to defconfig settings and drop the legacy
> header macro from ENV_FLAGS_LIST_STATIC.
>
> Move the environment flags format documentation out of README and into
> the developer environment documentation. Include the format in the
> Kconfig help as well.
>
> This lets boards configure writeable-list policy and type validation
> from defconfig without adding a config header solely for env flags.
>
> This preserves the behavior of default configs. Header-only cases that
> were inactive in upstream defconfigs are not converted into defconfig
> entries: iot2050 can add its list when enabling ENV_WRITEABLE_LIST, and
> smegw01 can add mmcdev:dw support if the unlocked SYS_BOOT_LOCKED=n
> configuration is needed.
>
> Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
> Reviewed-by: Tom Rini <trini at konsulko.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> ---
> Changes v2 -> v3:
> - Note that inactive header-only iot2050 flags and the smegw01
> SYS_BOOT_LOCKED=n mmcdev:dw flag are not converted into defconfigs.
>
Colleagues, you want to have an eye on this because it could silently
unlock the (downstream) secure boot config profile [1] on next update.
This makes me wonder if U-Boot shouldn't carry such profiles as well,
either in form of a generic Kconfig switch or some defconfig variants.
It's a very common pattern to shoot yourself into the foot while trying
to lock down the typical try-out upstream defconfigs for secure boot.
Jan
[1]
https://github.com/siemens/meta-iot2050/blob/master/meta/recipes-bsp/u-boot/files/secure-boot.cfg
--
Siemens AG, Foundational Technologies
Linux Expert Center
More information about the U-Boot
mailing list