On 4/3/21 4:21 AM, Tim Harvey wrote:
On Fri, Mar 26, 2021 at 11:34 AM Marek Vasut <[email protected]> wrote:

On 3/26/21 7:15 PM, Tim Harvey wrote:
Greetings,

Hi,

I'm trying to understand best how to lock down a U-Boot environment
using ENV_WRITEABLE_LIST=y.

My understanding is that I should define all vars that I wish to be
able to be loaded from a FLASH env in CONFIG_ENV_FLAGS_LIST_DEFAULT. I
would think this would be something in Kconfig but it's not so I
wonder if I'm misunderstanding something or if I truly need to patch a
config.h when using this feature.

You do need to patch board config in include/configs/ , since the flags
were not converted to Kconfig. And make sure you only use integer or
bool vars, since strings might contain scripts, which you want to avoid.

What is the best way to actively see your static U-Boot env that gets
linked into U-Boot? I can see it with a hexdump but there must be a
better way by looking at an include file?

From running U-Boot: => env print

What is the best way to set the list of vars that you wish to be
allowed to be imported from a FLASH env?

Ideally none, and if you really want to make sure something can be
pulled in from external env, then:
#define CONFIG_ENV_FLAGS_LIST_STATIC "var1:dw,var2:dw"

Marek,

I can't seem to understand CONFIG_ENV_FLAGS_LIST_STATIC vs
CONFIG_ENV_FLAGS_LIST_DEFAULT. The code seems convoluted and
experimentally I am just as confused.

It seems that as soon as you define CONFIG_ENV_WRITEABLE_LIST=y then
all variables defined elsewhere (i.e. CONFIG_EXTRA_ENV_SETTINGS,
CONFIG_BOOTCOMMAND) can no longer be imported from an env (they are
present if you clobber your flash env but not if anything is written
to it).

I quite simply want only the following environment:
kernel_addr_r=0x02000000
mmcbootpart=4
ustate=1
bootcmd=setenv bootargs root=/dev/mmcblk0p${mmcbootpart} rootwait rw;
load mmc 0:${mmcbootpart} ${kernel_addr_r} boot/kernel.itb && bootm
${kernel_addr_r} - ${fdtcontroladdr}

This script is gonna be a problem, since it is something an external entity can overwrite to implant a random script into your env. That's why I wrote that you want a minimal set of vars imported from the external env, and they should be boolean or integer.

and the only variables with flags I want to be able to be overridden
from MMC_ENV are:
mmcbootpart:dw
ustate:dw

It is too bad this can't be done via defconfig - perhaps when I
finally understand it I can submit a patch to move it to Kconfig.


And those config options I had enabled in u-boot defconfig:

CONFIG_CMD_ENV_CALLBACK=y
CONFIG_CMD_ENV_FLAGS=y
CONFIG_ENV_IS_NOWHERE=y
CONFIG_ENV_IS_IN_MMC=y
CONFIG_ENV_APPEND=y
CONFIG_ENV_WRITEABLE_LIST=y
CONFIG_ENV_ACCESS_IGNORE_FORCE=y

Do you really define both ENV_IS_NOWHERE and ENV_IS_IN_MMC? From what
I see, if you define ENV_IS_NOWHERE none of the others will be used.

Yes, having two ENV drivers is mandatory. One provides the base env (the nowhere) and the other is used to import the filtered extras from the external env.
