Patchwork [U-Boot,07/20] x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading

login
register
mail settings
Submitter Simon Glass
Date Nov. 3, 2012, 9:41 p.m.
Message ID <1351978902-23719-8-git-send-email-sjg@chromium.org>
Download mbox | patch
Permalink /patch/196944/
State Accepted, archived
Delegated to: Simon Glass
Headers show

Comments

Simon Glass - Nov. 3, 2012, 9:41 p.m.
From: Stefan Reinauer <reinauer@chromium.org>

This option delays loading of the environment until later, so that only the
default environment will be available to U-Boot.

This can address the security risk of untrusted data being used during boot.

When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
run-time way of enabling loadinlg of the environment. Add this to the
fdt as /config/delay-environment.

Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
---
 arch/x86/lib/init_wrappers.c |   28 +++++++++++++++++++++++++++-
 1 files changed, 27 insertions(+), 1 deletions(-)

Patch

diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c
index 71449fe..cca018f 100644
--- a/arch/x86/lib/init_wrappers.c
+++ b/arch/x86/lib/init_wrappers.c
@@ -21,6 +21,7 @@ 
  * MA 02111-1307 USA
  */
 #include <common.h>
+#include <environment.h>
 #include <serial.h>
 #include <kgdb.h>
 #include <scsi.h>
@@ -36,10 +37,35 @@  int serial_initialize_r(void)
 	return 0;
 }
 
+/*
+ * Tell if it's OK to load the environment early in boot.
+ *
+ * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see
+ * if this is OK (defaulting to saying it's not OK).
+ *
+ * NOTE: Loading the environment early can be a bad idea if security is
+ *       important, since no verification is done on the environment.
+ *
+ * @return 0 if environment should not be loaded, !=0 if it is ok to load
+ */
+static int should_load_env(void)
+{
+#ifdef CONFIG_OF_CONTROL
+	return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0);
+#elif defined CONFIG_DELAY_ENVIRONMENT
+	return 0;
+#else
+	return 1;
+#endif
+}
+
 int env_relocate_r(void)
 {
 	/* initialize environment */
-	env_relocate();
+	if (should_load_env())
+		env_relocate();
+	else
+		set_default_env(NULL);
 
 	return 0;
 }