Hi Tim,
On 26.03.21 19:34, Marek Vasut wrote:
On 3/26/21 7:15 PM, Tim Harvey wrote:
Greetings,
Hi,
I'm trying to understand best how to lock down a U-Boot environment
using ENV_WRITEABLE_LIST=y.
My understanding is that I should define all vars that I wish to be
able to be loaded from a FLASH env in CONFIG_ENV_FLAGS_LIST_DEFAULT. I
would think this would be something in Kconfig but it's not so I
wonder if I'm misunderstanding something or if I truly need to patch a
config.h when using this feature.
You do need to patch board config in include/configs/ , since the flags
were note converted to Kconfig. And make sure you only use integer or
bool vars, since strings might contain scripts, which you want to avoid.
What is the best way to actively see your static U-Boot env that gets
linked into U-Boot? I can see it with a hexdump but there must be a
better way by looking at an include file?
From running u-boot, => env print
From host:
make u-boot-initial-env
cat u-boot-initial-env
Best regards,
Stefano
What is the best way to set the list of vars that you wish to be
allowed to be imported from a FLASH env?
Ideally none, and if you really want to make sure something can be
pulled in from external env, then:
#define CONFIG_ENV_FLAGS_LIST_STATIC "var1:dw,var2:dw"
And those config options I had enabled in u-boot defconfig:
CONFIG_CMD_ENV_CALLBACK=y
CONFIG_CMD_ENV_FLAGS=y
CONFIG_ENV_IS_NOWHERE=y
CONFIG_ENV_IS_IN_MMC=y
CONFIG_ENV_APPEND=y
CONFIG_ENV_WRITEABLE_LIST=y
CONFIG_ENV_ACCESS_IGNORE_FORCE=y
