Hello Heiko Sorry for the noise, please ignore this comment - it is just for internal development use.
Best Regards Walter On Wed, 2026-02-18 at 17:19 +0000, Schweizer, Walter (SI B PRO TI EAC CCP) wrote: > Hello Heiko > > Recently we discovered that we need to add "bootcmd:sw" to the > CFG_ENV_FLAGS_LIST_STATIC list. > > Best Regards > Walter > > -----Original Message----- > From: Heiko Schocher <[email protected]> > Sent: Tuesday, February 17, 2026 5:39 PM > To: U-Boot Mailing List <[email protected]> > Cc: Fabio Estevam <[email protected]>; Peng Fan <[email protected]>; > Freihofer, Adrian (SI B PRO TI EAC CCP) <[email protected]>; Heiko > Schocher <[email protected]>; Peng Fan <[email protected]>; Sverdlin, Alexander > (SI B PRO TI EAC CCP) <[email protected]>; Marek Vasut > <[email protected]>; Simon Glass <[email protected]>; Tom Rini > <[email protected]>; Schweizer, Walter (SI B PRO TI EAC CCP) > <[email protected]> > Subject: [PATCH v3 11/11] siemens: capricorn: protect environment > > From: Adrian Freihofer <[email protected]> > > With ENV_WRITEABLE_LIST only specific environment variables lisetd in > CFG_ENV_FLAGS_LIST_STATIC are read from the u-boot environment storage. > All other environment variables are set to default values and are not written > back to the storage. > > The u-boot environment usually stays for the lifetime of the product. > There is no A/B copy mechanism as for the firmware itself. That means that > incompatible changes to environment variables in future u-boot versions may > lead to serious issues if the old environment is used with a new u-boot > version or vice versa. > > Having this protection in place ensures that only a limited set of environment > variables are persisted across u-boot versions. All the macros not listed in > CFG_ENV_FLAGS_LIST_STATIC are now part of the u-boot binary which is redundant > and immutable. This guarantees that the u-boot version and the default values > of these environment variables are always in sync and cannot be changed at > runtime. > > ustate and rastate are not relevant for u-boot itself. ustate is used by > swupdate which persists the transaction state in the environment. > rastate is a similar variable used by another user space application. > > Signed-off-by: Adrian Freihofer <[email protected]> > Signed-off-by: Heiko Schocher <[email protected]> > Reviewed-by: Peng Fan <[email protected]> > > --- > > (no changes since v2) > > Changes in v2: > Added Reviewed-by from Peng > Reworked writeable variable list, as we dropped patch > "env: add w flags for net config in explicit write mode" > > configs/imx8qxp_capricorn.config | 1 + > include/configs/capricorn-common.h | 13 +++++++++++++ > 2 files changed, 14 insertions(+) > > diff --git a/configs/imx8qxp_capricorn.config > b/configs/imx8qxp_capricorn.config > index 626634cb09c..2bae5b1a862 100644 > --- a/configs/imx8qxp_capricorn.config > +++ b/configs/imx8qxp_capricorn.config > @@ -12,6 +12,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000 > CONFIG_ENV_SIZE=0x2000 > CONFIG_ENV_REDUNDANT=y > CONFIG_ENV_MMC_EMMC_HW_PARTITION=2 > +CONFIG_ENV_WRITEABLE_LIST=y > > CONFIG_DM_GPIO=y > CONFIG_AHAB_BOOT=y > diff --git a/include/configs/capricorn-common.h b/include/configs/capricorn- > common.h > index 7120a44d186..ee13d2ab950 100644 > --- a/include/configs/capricorn-common.h > +++ b/include/configs/capricorn-common.h > @@ -38,6 +38,19 @@ > #define CFG_EXTRA_ENV_SETTINGS \ > AHAB_ENV > > +#ifdef CONFIG_ENV_WRITEABLE_LIST > +#define CFG_ENV_FLAGS_LIST_STATIC \ > + "bootcount:dw," \ > + "bootdelay:sw," \ > + "bootlimit:dw," \ > + "partitionset_active:sw," \ > + "rastate:dw," \ > + "sig_a:sw,sig_b:sw," \ > + "target_env:sw," \ > + "upgrade_available:dw," \ > + "ustate:dw" > +#endif > + > /* Default location for tftp and bootm */ > > /* On CCP board, USDHC1 is for eMMC */ > -- > 2.20.1 > -- Walter Schweizer Siemens AG www.siemens.com
