mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-29 08:01:08 +00:00
x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading
This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot. When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment. Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/ Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
This commit is contained in:
parent
91d82a29e7
commit
05b71646a9
1 changed files with 27 additions and 1 deletions
|
@ -21,6 +21,7 @@
|
||||||
* MA 02111-1307 USA
|
* MA 02111-1307 USA
|
||||||
*/
|
*/
|
||||||
#include <common.h>
|
#include <common.h>
|
||||||
|
#include <environment.h>
|
||||||
#include <serial.h>
|
#include <serial.h>
|
||||||
#include <kgdb.h>
|
#include <kgdb.h>
|
||||||
#include <scsi.h>
|
#include <scsi.h>
|
||||||
|
@ -36,10 +37,35 @@ int serial_initialize_r(void)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tell if it's OK to load the environment early in boot.
|
||||||
|
*
|
||||||
|
* If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see
|
||||||
|
* if this is OK (defaulting to saying it's not OK).
|
||||||
|
*
|
||||||
|
* NOTE: Loading the environment early can be a bad idea if security is
|
||||||
|
* important, since no verification is done on the environment.
|
||||||
|
*
|
||||||
|
* @return 0 if environment should not be loaded, !=0 if it is ok to load
|
||||||
|
*/
|
||||||
|
static int should_load_env(void)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_OF_CONTROL
|
||||||
|
return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0);
|
||||||
|
#elif defined CONFIG_DELAY_ENVIRONMENT
|
||||||
|
return 0;
|
||||||
|
#else
|
||||||
|
return 1;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
int env_relocate_r(void)
|
int env_relocate_r(void)
|
||||||
{
|
{
|
||||||
/* initialize environment */
|
/* initialize environment */
|
||||||
env_relocate();
|
if (should_load_env())
|
||||||
|
env_relocate();
|
||||||
|
else
|
||||||
|
set_default_env(NULL);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue