Hi,
I am currently looking into variable flags in order to make some variables read-only for secure boot.
The idea is that the u-boot binary is signed, while the environment file/partition is not. So the built-in default environment of u-boot can be trusted, while the external environment cannot. The assumption is that those flags can be used to customize the validation when the external environment is loaded or scripts/commands are executed.
From the '/README' I gather that the access attributes can be any of "any", "read-only", "write-once" or "change-default".
I first tried to restrict the variables by choosing 'read-only', but apparently this applies to the internal environment as well, and now those variables are not loaded from the internal environment.
Then I tried 'write-once', this worked now as expected from within u-boot, but I could modify the environment from the linux userspace via fw_setenv and those changes appear in u-boot as well. The same for 'change-default'.
Is there another way to fill the internal environment variable hash table, so that 'read-only' works as expected?
Heiko wrote some patches that change the behavior of the environment loading so that the internal environment is loaded first before the external environment. This way 'write-once' should work as expected, but I think 'read-only' should work that way already and we are missing something here.
Thanks, Claudius