
On 21.11.2018 16:41, Wolfgang Denk wrote:
Dear Simon,
In message <CAAh8qsyopV-HftdCWMbMu+fdcpqWWQtBnZDDyqFyv6iC1eoCDA@mail.gmail.com> you wrote:
Only if you use signed images. With plain U-Boot, there is not even a checksum for it...
When SPL loads U-Boot from a legacy image, isn't there a CRC involved over the full image including the environment?
Yes, but when - for example - the compiled in default environment gets corrupted while loading from the storage device or while writing it to RAM, there will be zero check when reading it.
Hmm, on my board, SPL loads U-Boot from NOR to SDRAM, then checks the uImage CRC. I'd say this is enough checks. That might not hold for all boards though.
But I still think keeping the default environment in a different place would be good.
Could we put U-Boot into a FIT image and put the environment in a subimage? But it might increase SPL code size when a FIT image has to be parsed...
Regards, Simon
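
The legacy-image check discussed in this thread, as an added example that is not part of the original messages and is not U-Boot's own code: a stand-alone verifier for the 64-byte legacy uImage header CRC and payload CRC, run on the copy already in RAM. The function names and the sample environment string are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IH_MAGIC   0x27051956u /* legacy uImage magic number */
#define IH_HDR_LEN 64          /* fixed header: hcrc @4, size @12, dcrc @24 */
/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, as used by zlib). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
/* Constructed sample image: only magic, size and the two CRCs are filled in. */
size_t uimage_build(uint8_t *out, const uint8_t *payload, uint32_t len) {
    memset(out, 0, IH_HDR_LEN);
    memcpy(out + IH_HDR_LEN, payload, len);
    put_be32(out, IH_MAGIC);
    put_be32(out + 12, len);
    put_be32(out + 24, crc32_buf(out + IH_HDR_LEN, len));
    put_be32(out + 4, crc32_buf(out, IH_HDR_LEN)); /* hcrc field is zero here */
    return IH_HDR_LEN + len;
}
/* 0 ok, -1 bad magic or length, -2 header CRC mismatch, -3 data CRC mismatch */
int uimage_verify(const uint8_t *img, size_t total) {
    uint8_t hdr[IH_HDR_LEN];
    if (total < IH_HDR_LEN || get_be32(img) != IH_MAGIC) return -1;
    memcpy(hdr, img, IH_HDR_LEN);
    put_be32(hdr + 4, 0); /* header CRC is computed with its own field zeroed */
    if (crc32_buf(hdr, IH_HDR_LEN) != get_be32(img + 4)) return -2;
    uint32_t size = get_be32(img + 12);
    if (size > total - IH_HDR_LEN) return -1;
    if (crc32_buf(img + IH_HDR_LEN, size) != get_be32(img + 24)) return -3;
    return 0;
}
int main(void) {
    uint8_t env[] = "bootdelay=2", img[IH_HDR_LEN + sizeof(env)];
    size_t n = uimage_build(img, env, sizeof(env));
    img[IH_HDR_LEN] ^= 1; /* one flipped bit in the copy held in RAM */
    printf("verify after bit flip: %d\n", uimage_verify(img, n));
    return 0;
}
```

The CRC only catches accidental corruption: an image rebuilt around a changed payload carries fresh CRCs and verifies cleanly, which is the gap signed images close.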