Message ID | d14dc034cd765a2faa8f6bb38c34ca5f329791e7.1675427201.git.jan.kiszka@siemens.com |
---|---|
State | Superseded |
Delegated to: | Tom Rini |
Headers | show |
Series | IOT2050-related enhancements | expand |
On Fri, Feb 03, 2023 at 01:26:34PM +0100, Jan Kiszka wrote: > From: Jan Kiszka <jan.kiszka@siemens.com> > > Will be needed when CONFIG_ENV_WRITEABLE_LIST is enabled. The listed > variables shall remain writable, for informational purposes - they have > to be considered untrusted because the persistent U-Boot env is not > protected. > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > --- > include/configs/iot2050.h | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/include/configs/iot2050.h b/include/configs/iot2050.h > index 5186dfd8ff8..52094e18ea8 100644 > --- a/include/configs/iot2050.h > +++ b/include/configs/iot2050.h > @@ -56,4 +56,12 @@ > > #include <configs/ti_armv7_common.h> > > +#ifdef CONFIG_ENV_WRITEABLE_LIST > +/* relevant for secure boot with CONFIG_ENV_WRITEABLE_LIST=y */ > +#define CONFIG_ENV_FLAGS_LIST_STATIC \ > + "board_uuid:sw,board_name:sw,board_serial:sw,board_a5e:sw," \ > + "mlfb:sw,fw_version:sw,seboot_version:sw," \ > + "eth1addr:mw,eth2addr:mw,watchdog_timeout_ms:dw,boot_targets:sw" > +#endif > + > #endif /* __CONFIG_IOT2050_H */ I don't think you've tested the whole series on top of current master, this needs to be CFG_ENV_FLAGS_LIST_STATIC. If this is the only thing that needs changing, I can just correct this while applying, otherwise a v6, and I'll try my best to not forget to grab this before -rc2, I know this whole series has been waiting a while so I thank you for your patience and persistence here.
On 03.02.23 19:52, Tom Rini wrote: > On Fri, Feb 03, 2023 at 01:26:34PM +0100, Jan Kiszka wrote: >> From: Jan Kiszka <jan.kiszka@siemens.com> >> >> Will be needed when CONFIG_ENV_WRITEABLE_LIST is enabled. The listed >> variables shall remain writable, for informational purposes - they have >> to be considered untrusted because the persistent U-Boot env is not >> protected. >> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >> --- >> include/configs/iot2050.h | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> >> diff --git a/include/configs/iot2050.h b/include/configs/iot2050.h >> index 5186dfd8ff8..52094e18ea8 100644 >> --- a/include/configs/iot2050.h >> +++ b/include/configs/iot2050.h >> @@ -56,4 +56,12 @@ >> >> #include <configs/ti_armv7_common.h> >> >> +#ifdef CONFIG_ENV_WRITEABLE_LIST >> +/* relevant for secure boot with CONFIG_ENV_WRITEABLE_LIST=y */ >> +#define CONFIG_ENV_FLAGS_LIST_STATIC \ >> + "board_uuid:sw,board_name:sw,board_serial:sw,board_a5e:sw," \ >> + "mlfb:sw,fw_version:sw,seboot_version:sw," \ >> + "eth1addr:mw,eth2addr:mw,watchdog_timeout_ms:dw,boot_targets:sw" >> +#endif >> + >> #endif /* __CONFIG_IOT2050_H */ > > I don't think you've tested the whole series on top of current master, > this needs to be CFG_ENV_FLAGS_LIST_STATIC. If this is the only thing > that needs changing, I can just correct this while applying, otherwise a > v6, and I'll try my best to not forget to grab this before -rc2, I know > this whole series has been waiting a while so I thank you for your > patience and persistence here. > Oh, thanks for pointing that I indeed forgot to test the secure boot case again this time. I'll fix up and do v6 ASAP. Jan
diff --git a/include/configs/iot2050.h b/include/configs/iot2050.h index 5186dfd8ff8..52094e18ea8 100644 --- a/include/configs/iot2050.h +++ b/include/configs/iot2050.h @@ -56,4 +56,12 @@ #include <configs/ti_armv7_common.h> +#ifdef CONFIG_ENV_WRITEABLE_LIST +/* relevant for secure boot with CONFIG_ENV_WRITEABLE_LIST=y */ +#define CONFIG_ENV_FLAGS_LIST_STATIC \ + "board_uuid:sw,board_name:sw,board_serial:sw,board_a5e:sw," \ + "mlfb:sw,fw_version:sw,seboot_version:sw," \ + "eth1addr:mw,eth2addr:mw,watchdog_timeout_ms:dw,boot_targets:sw" +#endif + #endif /* __CONFIG_IOT2050_H */