diff --git a/env/Kconfig b/env/Kconfig
index af63ac52f7..ed94e83ec1 100644
--- a/env/Kconfig
+++ b/env/Kconfig
@@ -592,6 +592,18 @@ config ENV_VARS_UBOOT_RUNTIME_CONFIG
 	  run-time determined information about the hardware to the
 	  environment.  These will be named board_name, board_rev.
 
+config DELAY_ENVIRONMENT
+	bool "Delay environment loading"
+	depends on !OF_CONTROL
+	help
+	  Enable this to inhibit loading the environment during board
+	  initialization. This can address the security risk of untrusted data
+	  being used during boot. Normally the environment is loaded when the
+	  board is initialised so that it is available to U-Boot. This inhibits
+	  that so that the environment is not available until explicitly loaded
+	  later by U-Boot code. With CONFIG_OF_CONTROL this is instead
+	  controlled by the value of /config/load-environment.
+
 if SPL_ENV_SUPPORT
 config SPL_ENV_IS_NOWHERE
 	bool "SPL Environment is not stored"
diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt
index c57b87131f..6dde9bcdb1 100644
--- a/scripts/config_whitelist.txt
+++ b/scripts/config_whitelist.txt
@@ -303,7 +303,6 @@ CONFIG_DEFAULT
 CONFIG_DEFAULT_CONSOLE
 CONFIG_DEFAULT_IMMR
 CONFIG_DEF_HWCONFIG
-CONFIG_DELAY_ENVIRONMENT
 CONFIG_DESIGNWARE_ETH
 CONFIG_DEVELOP
 CONFIG_DEVICE_TREE_LIST