On Wed, Jun 14, 2023 at 12:34 AM Bin Meng <[email protected]> wrote: > > On Wed, Jun 14, 2023 at 2:41 AM Tom Rini <[email protected]> wrote: > > > > On Tue, Jun 13, 2023 at 11:52:16AM +0100, Peter Robinson wrote: > > > > > While NFS is widely used in data centres, and private > > > networks it's quite a nuanced usecase for device firmware. > > > A lot of devices already disable it. > > > > > > Various network protocols should really be opt in, not opt > > > out, because they add extra size and are potential attack > > > vectors from a security PoV. In the NFS case it doesn't > > > really make sense for a lot of devices like tables, SBCs etc. > > > It's also something we don't really want for SystemReady-IR > > > due to security concerns. > > > > > > Signed-off-by: Peter Robinson <[email protected]> > > > --- > > > > > > This is a RFC to start a discussion around things like NFS, > > > with the addistion of old protocols like NFSv1 that were never > > > publicly released [1] we really shouldn't be enabling this by > > > default. > > > > > > I am aware it will likely break the functionality for users > > > that do use the various versions of NFS but it's straight forward > > > to add CMD_NFS as an explicit config. It's for this reason I > > > label the patch as RFC. > > > > > > There was about a 5Kb saving here when I tested a build with > > > pinebook-pro-rk3399. > > > > > > Peter > > > > > > [1] https://en.wikipedia.org/wiki/Network_File_System > > [snip] > > > > This is probably fine, honestly. I don't see any environments that > > default to making use of NFS within U-Boot (which is not the same as > > nfsroot for Linux, which a number of platforms have options for by > > default). > > > > How about changing > > config CMD_NFS > bool "nfs" > default y > help > Boot image via network using NFS protocol. > > To > > default n ?
The defaut is n so just removing it has the same effect, and that's what most, but not all, things do. See CMD_RARP in the same list. Peter
