From 05b71646a93839ad6fb1073f5e25ead928c1717d Mon Sep 17 00:00:00 2001 From: Stefan Reinauer Date: Sat, 3 Nov 2012 11:41:29 +0000 Subject: [PATCH] x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot. When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment. Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/ Signed-off-by: Simon Glass Signed-off-by: Stefan Reinauer --- arch/x86/lib/init_wrappers.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c index 71449fe..cca018f 100644 --- a/arch/x86/lib/init_wrappers.c +++ b/arch/x86/lib/init_wrappers.c @@ -21,6 +21,7 @@ * MA 02111-1307 USA */ #include +#include #include #include #include @@ -36,10 +37,35 @@ int serial_initialize_r(void) return 0; } +/* + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT + return 0; +#else + return 1; +#endif +} + int env_relocate_r(void) { /* initialize environment */ - env_relocate(); + if (should_load_env()) + env_relocate(); + else + set_default_env(NULL); return 0; } -- 2.7.4