summaryrefslogtreecommitdiff
path: root/arch/x86/lib
diff options
context:
space:
mode:
authorStefan Reinauer <reinauer@chromium.org>2012-11-03 11:41:29 +0000
committerSimon Glass <sjg@chromium.org>2012-12-06 14:30:42 -0800
commit05b71646a93839ad6fb1073f5e25ead928c1717d (patch)
tree7835c687820f0fecde7deea8ecbada485f66fb58 /arch/x86/lib
parent91d82a29e7aec12c97dcd4a4be1962f6d794b35c (diff)
downloadu-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.zip
u-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.tar.gz
u-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.tar.bz2
x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading
This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot. When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment. Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/ Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Diffstat (limited to 'arch/x86/lib')
-rw-r--r--arch/x86/lib/init_wrappers.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c
index 71449fe..cca018f 100644
--- a/arch/x86/lib/init_wrappers.c
+++ b/arch/x86/lib/init_wrappers.c
@@ -21,6 +21,7 @@
* MA 02111-1307 USA
*/
#include <common.h>
+#include <environment.h>
#include <serial.h>
#include <kgdb.h>
#include <scsi.h>
@@ -36,10 +37,35 @@ int serial_initialize_r(void)
return 0;
}
+/*
+ * Tell if it's OK to load the environment early in boot.
+ *
+ * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see
+ * if this is OK (defaulting to saying it's not OK).
+ *
+ * NOTE: Loading the environment early can be a bad idea if security is
+ * important, since no verification is done on the environment.
+ *
+ * @return 0 if environment should not be loaded, !=0 if it is ok to load
+ */
+static int should_load_env(void)
+{
+#ifdef CONFIG_OF_CONTROL
+ return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0);
+#elif defined CONFIG_DELAY_ENVIRONMENT
+ return 0;
+#else
+ return 1;
+#endif
+}
+
int env_relocate_r(void)
{
/* initialize environment */
- env_relocate();
+ if (should_load_env())
+ env_relocate();
+ else
+ set_default_env(NULL);
return 0;
}