Hi Wolfgang,
On Sat, Nov 3, 2012 at 5:30 AM, Wolfgang Denk wd@denx.de wrote:
Dear Simon Glass,
In message 1351813330-23741-5-git-send-email-sjg@chromium.org you wrote:
This option delays loading of the environment until later, so that only the default environment will be available to U-Boot.
This can address the security risk of untrusted data being used during boot.
When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment.
Please explain what exactly this is good for, or which exact "security risks" this is supposed to fix.
Any time you load untrusted data you expose yourself to a bug in the code. The attacker gets to choose the data so can sometimes carefully craft it to exploit a bug. We try to avoid touching user-controlled data during a verified boot unless strictly necessary. Since the default environment is good enough in this case (or you would just change it), this gets around the problem by just not loading the environment.
As is, I strongly tend to NAK this.
Best regards,
Wolfgang Denk
Regards, Simon
-- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de In the beginning, there was nothing, which exploded. - Terry Pratchett, _Lords and Ladies_