Dear Tom, In message <20191007223650.GR6716@bill-the-cat> you wrote: > > > Do I understand correctly that all of this is obsolete and no longer > > needed after Tom's commit d90fc9c3de ``Revert "env: solve > > compilation error in SPL"'' ? > > So, I think there's a new topic here. I seem to recall a concern from > the previous thread that we could have less restrictive environment > protections in SPL/TPL than we do in full U-Boot and thus open ourselves > to a potential problem. As of today, U-Boot is back to where it was > prior to the problematic patch being applied. But do we not have the > potential problem above and thus need to evaluate the rest of the > series (as the revert was largely the same as the first patch in the > series) ? Thanks!
The (potential) problem of having less restrictive/secure code in SPL than in U-Boot proper resulted from the fact that the patch series allowed different configurations of the U-Boot environment features in these stages. After the revert of the original problem, I don't see the need for any such configuration, so if we simply do nothing we are as secure as we have been before. When accepting this new patch series, a full review of the impacts (size, security) is needed. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: [email protected] In an infinite universe all things are possible, including the possi- bility that the universe does not exist. - Terry Pratchett, _The Dark Side of the Sun_ _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
