diff options
author | Stefan Reinauer <reinauer@chromium.org> | 2012-11-03 11:41:29 +0000 |
---|---|---|
committer | Simon Glass <sjg@chromium.org> | 2012-12-06 14:30:42 -0800 |
commit | 05b71646a93839ad6fb1073f5e25ead928c1717d (patch) | |
tree | 7835c687820f0fecde7deea8ecbada485f66fb58 /arch | |
parent | 91d82a29e7aec12c97dcd4a4be1962f6d794b35c (diff) | |
download | u-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.zip u-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.tar.gz u-boot-imx-05b71646a93839ad6fb1073f5e25ead928c1717d.tar.bz2 |
x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading
This option delays loading of the environment until later, so that only the
default environment will be available to U-Boot.
This can address the security risk of untrusted data being used during boot.
When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
run-time way of enabling loadinlg of the environment. Add this to the
fdt as /config/delay-environment.
Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/lib/init_wrappers.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c index 71449fe..cca018f 100644 --- a/arch/x86/lib/init_wrappers.c +++ b/arch/x86/lib/init_wrappers.c @@ -21,6 +21,7 @@ * MA 02111-1307 USA */ #include <common.h> +#include <environment.h> #include <serial.h> #include <kgdb.h> #include <scsi.h> @@ -36,10 +37,35 @@ int serial_initialize_r(void) return 0; } +/* + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT + return 0; +#else + return 1; +#endif +} + int env_relocate_r(void) { /* initialize environment */ - env_relocate(); + if (should_load_env()) + env_relocate(); + else + set_default_env(NULL); return 0; } |