This option delays loading of the environment until later, so that only the default environment will be available to U-Boot.
This can address the security risk of untrusted data being used during boot.
When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment.
Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/
Signed-off-by: Doug Anderson dianders@chromium.org Signed-off-by: Simon Glass sjg@chromium.org --- README | 9 +++++++++ arch/arm/lib/board.c | 29 +++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/README b/README index 22fd6b7..589e22a 100644 --- a/README +++ b/README @@ -2311,6 +2311,15 @@ CBFS (Coreboot Filesystem) support - CONFIG_SYS_VENDOR - CONFIG_SYS_SOC
+ CONFIG_DELAY_ENVIRONMENT + + Normally the environment is loaded when the board is + intialised so that it is available to U-Boot. This inhibits + that so that the environment is not available until + explicitly loaded later by U-Boot code. With CONFIG_OF_CONTROL + this is instead controlled by the value of + /config/load-environment. + - DataFlash Support: CONFIG_HAS_DATAFLASH
diff --git a/arch/arm/lib/board.c b/arch/arm/lib/board.c index 2ec6a43..d3053d8 100644 --- a/arch/arm/lib/board.c +++ b/arch/arm/lib/board.c @@ -40,6 +40,7 @@
#include <common.h> #include <command.h> +#include <environment.h> #include <malloc.h> #include <stdio_dev.h> #include <version.h> @@ -469,7 +470,28 @@ static char *failed = "*** failed ***\n"; #endif
/* - ************************************************************************ + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT + return 0; +#else + return 1; +#endif +} + +/************************************************************************ * * This is the next part if the initialization sequence: we are now * running from RAM and have a "normal" C environment, i. e. global @@ -575,7 +597,10 @@ void board_init_r(gd_t *id, ulong dest_addr) #endif
/* initialize environment */ - env_relocate(); + if (should_load_env()) + env_relocate(); + else + set_default_env(NULL);
#if defined(CONFIG_CMD_PCI) || defined(CONFIG_PCI) arm_pci_init();