env: Add option to only ever append environment

Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
Marek Vasut 2020-07-07 20:51:38 +02:00 committed by Tom Rini
parent 890feecaab
commit 47f3b1f243
3 changed files with 15 additions and 0 deletions

9
env/Kconfig vendored
View file

@ -614,6 +614,15 @@ config DELAY_ENVIRONMENT
later by U-Boot code. With CONFIG_OF_CONTROL this is instead
controlled by the value of /config/load-environment.
config ENV_APPEND
bool "Always append the environment with new data"
default n
help
If defined, the environment hash table is only ever appended with new
data, but the existing hash table can never be dropped and reloaded
with newly imported data. This may be used in combination with static
flags to e.g. to protect variables which must not be modified.
config ENV_ACCESS_IGNORE_FORCE
bool "Block forced environment operations"
default n

2
env/env.c vendored
View file

@ -201,7 +201,9 @@ int env_load(void)
printf("OK\n");
gd->env_load_prio = prio;
#if !CONFIG_IS_ENABLED(ENV_APPEND)
return 0;
#endif
} else if (ret == -ENOMSG) {
/* Handle "bad CRC" case */
if (best_prio == -1)

View file

@ -826,6 +826,10 @@ int himport_r(struct hsearch_data *htab,
if (nvars)
memcpy(localvars, vars, sizeof(vars[0]) * nvars);
#if CONFIG_IS_ENABLED(ENV_APPEND)
flag |= H_NOCLEAR;
#endif
if ((flag & H_NOCLEAR) == 0 && !nvars) {
/* Destroy old hash table if one exists */
debug("Destroy Hash Table: %p table = %p\n", htab,