Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2147600/?format=api
{ "id": 2147600, "url": "http://patchwork.ozlabs.org/api/patches/2147600/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20251009123435.960225-1-anshuld@ti.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20251009123435.960225-1-anshuld@ti.com>", "list_archive_url": null, "date": "2025-10-09T12:34:34", "name": "[v1] env: Kconfig: disable external env in secure os boot", "commit_ref": "1e470ddd0743bbd1f229421e11e9ad2093f7fd20", "pull_url": null, "state": "accepted", "archived": false, "hash": "65e568eef74c2ca58a289b5510cd4e66e221dddc", "submitter": { "id": 90324, "url": "http://patchwork.ozlabs.org/api/people/90324/?format=api", "name": "Anshul Dalal", "email": "anshuld@ti.com" }, "delegate": { "id": 3651, "url": "http://patchwork.ozlabs.org/api/users/3651/?format=api", "username": "trini", "first_name": "Tom", "last_name": "Rini", "email": "trini@ti.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20251009123435.960225-1-anshuld@ti.com/mbox/", "series": [ { "id": 476903, "url": "http://patchwork.ozlabs.org/api/series/476903/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=476903", "date": "2025-10-09T12:34:34", "name": "[v1] env: Kconfig: disable external env in secure os boot", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/476903/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2147600/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2147600/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256\n header.s=ti-com-17Q1 header.b=qfrgkMMy;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.b=\"qfrgkMMy\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de; spf=pass smtp.mailfrom=anshuld@ti.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (secp384r1))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4cj8TL5TTkz1yGS\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 9 Oct 2025 23:34:46 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id B31FF83BC4;\n\tThu, 9 Oct 2025 14:34:43 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 45A0183C6D; Thu, 9 Oct 2025 14:34:42 +0200 (CEST)", "from lelvem-ot02.ext.ti.com (lelvem-ot02.ext.ti.com [198.47.23.235])\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n bits)) (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id D136D83A3A\n for <u-boot@lists.denx.de>; Thu, 9 Oct 2025 14:34:39 +0200 (CEST)", "from lelvem-sh02.itg.ti.com ([10.180.78.226])\n by lelvem-ot02.ext.ti.com (8.15.2/8.15.2) with ESMTP id 599CYcBc533354;\n Thu, 9 Oct 2025 07:34:38 -0500", "from DLEE211.ent.ti.com (dlee211.ent.ti.com [157.170.170.113])\n by lelvem-sh02.itg.ti.com (8.18.1/8.18.1) with ESMTPS id 599CYcLI915335\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);\n Thu, 9 Oct 2025 07:34:38 -0500", "from DLEE210.ent.ti.com (157.170.170.112) by DLEE211.ent.ti.com\n (157.170.170.113) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Thu, 9 Oct\n 2025 07:34:37 -0500", "from lelvem-mr05.itg.ti.com (10.180.75.9) by DLEE210.ent.ti.com\n (157.170.170.112) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend\n Transport; Thu, 9 Oct 2025 07:34:37 -0500", "from localhost (dhcp-172-24-233-105.dhcp.ti.com [172.24.233.105])\n by lelvem-mr05.itg.ti.com (8.18.1/8.18.1) with ESMTP id 599CYaTI252854;\n Thu, 9 Oct 2025 07:34:37 -0500" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,\n RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com;\n s=ti-com-17Q1; t=1760013278;\n bh=ezR/MsOTFFDcNSafhB79i3jp8MskHLyY9girqJk46og=;\n h=From:To:CC:Subject:Date;\n b=qfrgkMMyp/sdi9u8FUWYnsaDCAOefUDefp/yYs/9+c3KBkV8jAZIDYrsdUHDTE4Hs\n bvJ1uFjt4pL0RWD3KeTX5ELzq06JCn9tQlR2yk+bdjgM9+g+V0te6O56zsHa1VKwv1\n 2p78V5M/yL6HUhe38hTIonZ07/mCsQWQgWP3BrFg=", "From": "Anshul Dalal <anshuld@ti.com>", "To": "<u-boot@lists.denx.de>", "CC": "Anshul Dalal <anshuld@ti.com>, <vigneshr@ti.com>, <trini@konsulko.com>,\n <afd@ti.com>, <m-chawdhry@ti.com>, <n-francis@ti.com>, <b-liu@ti.com>,\n <nm@ti.com>, <bb@ti.com>", "Subject": "[PATCH v1] env: Kconfig: disable external env in secure os boot", "Date": "Thu, 9 Oct 2025 18:04:34 +0530", "Message-ID": "<20251009123435.960225-1-anshuld@ti.com>", "X-Mailer": "git-send-email 2.51.0", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-C2ProcessedOrg": "333ef613-75bf-4e12-a4b1-8e3623f5dcea", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Falcon mode uses falcon_image_file from the env during mmc fs boot, but\nexternal env can be compromised. Therefore disable access to external\nenv by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.\n\nSigned-off-by: Anshul Dalal <anshuld@ti.com>\n---\nThis is a standalone patch from an older RFC:\nhttps://lore.kernel.org/u-boot/20250911131414.3296697-16-anshuld@ti.com/\n\nChanges:\n - Add a `depends on !SPL_OS_BOOT_SECURE` for each SPL_ENV_IS_IN_*\n\nDepends on:\n [PATCH -next v3 1/7] spl: Kconfig: add SPL_OS_BOOT_SECURE config symbol:\n - https://lore.kernel.org/u-boot/20251006101057.4172248-2-anshuld@ti.com/\n---\n env/Kconfig | 7 +++++++\n 1 file changed, 7 insertions(+)", "diff": "diff --git a/env/Kconfig b/env/Kconfig\nindex adea277470f..ce88d640156 100644\n--- a/env/Kconfig\n+++ b/env/Kconfig\n@@ -827,12 +827,14 @@ if SPL_ENV_SUPPORT\n config SPL_ENV_IS_NOWHERE\n \tbool \"SPL Environment is not stored\"\n \tdefault y if ENV_IS_NOWHERE\n+\tdefault y if SPL_OS_BOOT_SECURE\n \thelp\n \t Similar to ENV_IS_NOWHERE, used for SPL environment.\n \n config SPL_ENV_IS_IN_MMC\n \tbool \"SPL Environment in an MMC device\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_MMC\n \tdefault y\n \thelp\n@@ -841,6 +843,7 @@ config SPL_ENV_IS_IN_MMC\n config SPL_ENV_IS_IN_FAT\n \tbool \"SPL Environment is in a FAT filesystem\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_FAT\n \tdefault y\n \thelp\n@@ -849,6 +852,7 @@ config SPL_ENV_IS_IN_FAT\n config SPL_ENV_IS_IN_EXT4\n \tbool \"SPL Environment is in a EXT4 filesystem\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_EXT4\n \tdefault y\n \thelp\n@@ -857,6 +861,7 @@ config SPL_ENV_IS_IN_EXT4\n config SPL_ENV_IS_IN_NAND\n \tbool \"SPL Environment in a NAND device\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_NAND\n \tdefault y\n \thelp\n@@ -865,6 +870,7 @@ config SPL_ENV_IS_IN_NAND\n config SPL_ENV_IS_IN_SPI_FLASH\n \tbool \"SPL Environment is in SPI flash\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_SPI_FLASH\n \tdefault y\n \thelp\n@@ -873,6 +879,7 @@ config SPL_ENV_IS_IN_SPI_FLASH\n config SPL_ENV_IS_IN_FLASH\n \tbool \"SPL Environment in flash memory\"\n \tdepends on !SPL_ENV_IS_NOWHERE\n+\tdepends on !SPL_OS_BOOT_SECURE\n \tdepends on ENV_IS_IN_FLASH\n \tdefault y\n \thelp\n", "prefixes": [ "v1" ] }