Hi everybody!

I'm wondering what the correct / official way of setting a "read-only" environment variable is.

It's simple enough to declare some #define CONFIG_ENV_FLAGS_LIST_STATIC "myvar:sr" to begin with, but this backfires - i.e. prevents write access - as soon as I try to set a value programmatically via setenv() (from within U-Boot code). A workaround is to use the "write-once" flag instead, but this leaves an undesired loop-hole in case "myvar" is supposed to remain empty/unset - where "write-once" would still allow the user to set a value interactively.

U-Boot already has a clear distinction between programmatic access via setenv(), resulting in _do_env_set(..., H_PROGRAMMATIC), and user interaction (from U-Boot prompt or scripts) ending up as _do_env_set(..., H_INTERACTIVE). Looking at env_flags_validate() in env_flags.c I notice that it handles H_FORCE, but doesn't make any use of H_PROGRAMMATIC.

The second (and more basic) question therefore is: Is programmatic access from within U-Boot via setenv() supposed to always respect the flags of variables (when even the user might possibly circumvent them with "setenv -f" resulting in H_FORCE), or might it be more sensible to allow all 'internal' setenv() access, disregarding any flags (treating H_PROGRAMMATIC as "always force")? I'm aware that changing this behaviour might have broad consequences.

The use case I have in mind is "locking down" (user) access to the fel_* variables used by sunxi - see http://git.denx.de/?p=u-boot.git;a=blob;f=board/sunxi/board.c;h=2d5335f9531c... . The questions/discussion in http://lists.denx.de/pipermail/u-boot/2015-September/227611.html might also be relevant.

Regards, B. Nortmann