From patchwork Thu Nov 1 23:42:05 2012
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 196417
X-Patchwork-Delegate: albert.aribaud@free.fr
From: Simon Glass
To: U-Boot Mailing List
Date: Thu, 1 Nov 2012 16:42:05 -0700
Message-Id: <1351813330-23741-5-git-send-email-sjg@chromium.org>
In-Reply-To: <1351813330-23741-1-git-send-email-sjg@chromium.org>
Subject: [U-Boot] [PATCH 05/10] arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading

This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot.

When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loading of the environment. Add this to the fdt as /config/delay-environment.

Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/

Signed-off-by: Doug Anderson
Signed-off-by: Simon Glass
--- README | 9 +++++++++ arch/arm/lib/board.c | 29 +++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/README b/README index 22fd6b7..589e22a 100644 --- a/README +++ b/README 
@@ -2311,6 +2311,15 @@ CBFS (Coreboot Filesystem) support - CONFIG_SYS_VENDOR - CONFIG_SYS_SOC + CONFIG_DELAY_ENVIRONMENT + + Normally the environment is loaded when the board is + intialised so that it is available to U-Boot. This inhibits + that so that the environment is not available until + explicitly loaded later by U-Boot code. With CONFIG_OF_CONTROL + this is instead controlled by the value of + /config/load-environment. + - DataFlash Support: CONFIG_HAS_DATAFLASH diff --git a/arch/arm/lib/board.c b/arch/arm/lib/board.c index 2ec6a43..d3053d8 100644 --- a/arch/arm/lib/board.c +++ b/arch/arm/lib/board.c @@ -40,6 +40,7 @@ #include #include +#include #include #include #include @@ -469,7 +470,28 @@ static char *failed = "*** failed ***\n"; #endif /* - ************************************************************************ + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT + return 0; +#else + return 1; +#endif +} + +/************************************************************************ * * This is the next part if the initialization sequence: we are now * running from RAM and have a "normal" C environment, i. e. global @@ -575,7 +597,10 @@ void board_init_r(gd_t *id, ulong dest_addr) #endif /* initialize environment */ - env_relocate(); + if (should_load_env()) + env_relocate(); + else + set_default_env(NULL); #if defined(CONFIG_CMD_PCI) || defined(CONFIG_PCI) arm_pci_init();
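
Review bot: In the README hunk, the new CONFIG_DELAY_ENVIRONMENT entry names the device-tree property /config/load-environment, while the commit message says /config/delay-environment. The two names have opposite sense, and the code reads "load-environment", so the commit message should be corrected to match. "intialised" should be "initialised". The entry should also state that under CONFIG_OF_CONTROL a missing property means the environment is not loaded, and that only arch/arm/lib/board.c implements the option, since the README text reads as if it applied to every architecture.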
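
Review bot: In should_load_env(), the CONFIG_OF_CONTROL branch is tested before CONFIG_DELAY_ENVIRONMENT and passes 0 as the default, so every ARM board built with CONFIG_OF_CONTROL stops loading its saved environment unless its device tree sets load-environment, whether or not CONFIG_DELAY_ENVIRONMENT is defined. If that behaviour change for existing boards is intended, say so in the commit message; otherwise test CONFIG_DELAY_ENVIRONMENT first and consult the FDT only when it is defined. The comment says CONFIG_OF_CONFIG where the code tests CONFIG_OF_CONTROL. Since the option is motivated by untrusted data, the comment should also note that the decision is only as trustworthy as gd->fdt_blob. The change to the row of asterisks that opens the following comment block is unrelated to this patch and would be better left out.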
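
Review bot: In the board_init_r() hunk, the else branch calls set_default_env(NULL), but nothing in this patch shows how the environment is "explicitly loaded later" as the README entry promises. Add a comment at this call site naming the function that later code is expected to call, and state what check that code must make before doing so, because the NOTE above should_load_env() says no verification is done on the environment.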