
On Wed, Jun 14, 2023 at 12:34 AM Bin Meng <bmeng.cn@gmail.com> wrote:
On Wed, Jun 14, 2023 at 2:41 AM Tom Rini <trini@konsulko.com> wrote:
On Tue, Jun 13, 2023 at 11:52:16AM +0100, Peter Robinson wrote:
While NFS is widely used in data centres and private networks, it's quite a nuanced use case for device firmware. A lot of devices already disable it.
Various network protocols should really be opt in, not opt out, because they add extra size and are potential attack vectors from a security PoV. In the NFS case it doesn't really make sense for a lot of devices like tablets, SBCs etc. It's also something we don't really want for SystemReady-IR due to security concerns.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
This is an RFC to start a discussion around things like NFS. With the addition of old protocols like NFSv1 that were never publicly released [1], we really shouldn't be enabling this by default.
I am aware it will likely break the functionality for users that do use the various versions of NFS, but it's straightforward to add CMD_NFS as an explicit config. It's for this reason I label the patch as RFC.
There was about a 5Kb saving here when I tested a build with pinebook-pro-rk3399.
Peter
[snip]
This is probably fine, honestly. I don't see any environments that default to making use of NFS within U-Boot (which is not the same as nfsroot for Linux, which a number of platforms have options for by default).
How about changing
config CMD_NFS
	bool "nfs"
	default y
	help
	  Boot image via network using NFS protocol.
To
default n ?
The default is n so just removing it has the same effect, and that's what most, but not all, things do. See CMD_RARP in the same list.
Peter