{"id":2196500,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2196500/?format=json","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.0/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260214045703.28051-12-hs@nabladev.com>","date":"2026-02-14T04:57:03","name":"[v2,11/11] siemens: capricorn: protect environment","commit_ref":null,"pull_url":null,"state":"changes-requested","archived":false,"hash":"080b16dd4ddef1af8091566e4695e22e563084c5","submitter":{"id":91409,"url":"http://patchwork.ozlabs.org/api/1.0/people/91409/?format=json","name":"Heiko Schocher","email":"hs@nabladev.com"},"delegate":{"id":151988,"url":"http://patchwork.ozlabs.org/api/1.0/users/151988/?format=json","username":"festevam","first_name":"Fabio","last_name":"Estevam","email":"festevam@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260214045703.28051-12-hs@nabladev.com/mbox/","series":[{"id":492160,"url":"http://patchwork.ozlabs.org/api/1.0/series/492160/?format=json","date":"2026-02-14T04:56:52","name":"imx8qxp: siemens: small board updates","version":2,"mbox":"http://patchwork.ozlabs.org/series/492160/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2196500/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=nabladev.com header.i=@nabladev.com header.a=rsa-sha256\n header.s=dkim header.b=f8rCIZfG;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=nabladev.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=nabladev.com header.i=@nabladev.com\n header.b=\"f8rCIZfG\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=pass (p=reject dis=none)\n header.from=nabladev.com","phobos.denx.de; spf=pass smtp.mailfrom=hs@nabladev.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fCcJ96yKkz1xpY\n\tfor ; Sat, 14 Feb 2026 15:58:49 +1100 (AEDT)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 95F4283EAC;\n\tSat, 14 Feb 2026 05:57:21 +0100 (CET)","by phobos.denx.de (Postfix, from userid 109)\n id E938283DE4; Sat, 14 Feb 2026 05:57:19 +0100 (CET)","from mx.nabladev.com (mx.nabladev.com [178.251.229.89])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 0821883E48\n for ; Sat, 14 Feb 2026 05:57:18 +0100 (CET)","from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)\n with ESMTPSA id 3996D110297; Sat, 14 Feb 2026 05:57:17 +0100 (CET)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,\n SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=nabladev.com;\n s=dkim; t=1771045037; h=from:subject:date:message-id:to:cc:mime-version:\n content-transfer-encoding:in-reply-to:references;\n bh=ys4AnZz6nB7IrIRWPMvGfo7bKFbt+m11yVGd3sQsGIQ=;\n b=f8rCIZfGQ4+jt/DX+Tqsuof9Pr9BAlftVD5ReL4hTTFgG3SyNuJhLhkJeQ9btGvQca+llY\n ssTFbaoykHonujnBQTozMez10x3LjhRaR7HpcyeuG4JrpiNYvpJHLML9GBVYYylYIbYGKw\n j0W83WUbXzy4IYBAWylhafzOFjx3S7UwOwV16cCUTbxcYjrbLgdUiKpwwQ6AnWKtlVqEnH\n O0XGriKJSJ3h1/BLaHFGTrcq0oCuKwJ3STXZnr8DuT6AlSyJ3gVYm2xXQoP5aEXMz+mumd\n t4KAhq+w/kr5AI1t6Vhv8e2KIC7gczAkI7WnzwS6wygrff91hbgwerxlOu4n4A==","From":"Heiko Schocher ","To":"U-Boot Mailing List ","Cc":"Fabio Estevam , Peng Fan ,\n Adrian Freihofer ,\n Peng Fan , Heiko Schocher ,\n Alexander Sverdlin ,\n Marek Vasut ,\n Simon Glass , Tom Rini ,\n Tomas Peterka ,\n Walter Schweizer ","Subject":"[PATCH v2 11/11] siemens: capricorn: protect environment","Date":"Sat, 14 Feb 2026 05:57:03 +0100","Message-Id":"<20260214045703.28051-12-hs@nabladev.com>","X-Mailer":"git-send-email 2.20.1","In-Reply-To":"<20260214045703.28051-1-hs@nabladev.com>","References":"<20260214045703.28051-1-hs@nabladev.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Last-TLS-Session-Version":"TLSv1.3","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"From: Adrian Freihofer \n\nWith ENV_WRITEABLE_LIST only specific environment variables lisetd in\nCFG_ENV_FLAGS_LIST_STATIC are read from the u-boot environment storage.\nAll other environment variables are set to default values and are not\nwritten back to the storage.\n\nThe u-boot environment usually stays for the lifetime of the product.\nThere is no A/B copy mechanism as for the firmware itself. That means\nthat incompatible changes to environment variables in future u-boot\nversions may lead to serious issues if the old environment is used with\na new u-boot version or vice versa.\n\nHaving this protection in place ensures that only a limited set of\nenvironment variables are persisted across u-boot versions. All the\nmacros not listed in CFG_ENV_FLAGS_LIST_STATIC are now part of the\nu-boot binary which is redundant and immutable. This guarantees that\nthe u-boot version and the default values of these environment variables\nare always in sync and cannot be changed at runtime.\n\nustate and rastate are not relevant for u-boot itself. ustate is used\nby swupdate which persists the transaction state in the environment.\nrastate is a similar variable used by another user space application.\n\nSigned-off-by: Adrian Freihofer \nReviewed-by: Peng Fan \n\nSigned-off-by: Heiko Schocher \n---\n\nChanges in v2:\nAdded Reviewed-by from Peng\nReworked writeable variable list, as we dropped patch\n\"env: add w flags for net config in explicit write mode\"\n\n configs/imx8qxp_capricorn.config | 1 +\n include/configs/capricorn-common.h | 13 +++++++++++++\n 2 files changed, 14 insertions(+)","diff":"diff --git a/configs/imx8qxp_capricorn.config b/configs/imx8qxp_capricorn.config\nindex 626634cb09c..2bae5b1a862 100644\n--- a/configs/imx8qxp_capricorn.config\n+++ b/configs/imx8qxp_capricorn.config\n@@ -12,6 +12,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000\n CONFIG_ENV_SIZE=0x2000\n CONFIG_ENV_REDUNDANT=y\n CONFIG_ENV_MMC_EMMC_HW_PARTITION=2\n+CONFIG_ENV_WRITEABLE_LIST=y\n \n CONFIG_DM_GPIO=y\n CONFIG_AHAB_BOOT=y\ndiff --git a/include/configs/capricorn-common.h b/include/configs/capricorn-common.h\nindex 7120a44d186..ee13d2ab950 100644\n--- a/include/configs/capricorn-common.h\n+++ b/include/configs/capricorn-common.h\n@@ -38,6 +38,19 @@\n #define CFG_EXTRA_ENV_SETTINGS \\\n \tAHAB_ENV\n \n+#ifdef CONFIG_ENV_WRITEABLE_LIST\n+#define CFG_ENV_FLAGS_LIST_STATIC \\\n+\t\"bootcount:dw,\" \\\n+\t\"bootdelay:sw,\" \\\n+\t\"bootlimit:dw,\" \\\n+\t\"partitionset_active:sw,\" \\\n+\t\"rastate:dw,\" \\\n+\t\"sig_a:sw,sig_b:sw,\" \\\n+\t\"target_env:sw,\" \\\n+\t\"upgrade_available:dw,\" \\\n+\t\"ustate:dw\"\n+#endif\n+\n /* Default location for tftp and bootm */\n \n /* On CCP board, USDHC1 is for eMMC */\n","prefixes":["v2","11/11"]}