From: Stefan Reinauer Date: Sat, 3 Nov 2012 11:41:29 +0000 (+0000) Subject: x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=05b71646a93839ad6fb1073f5e25ead928c1717d;p=project%2Fbcm63xx%2Fu-boot.git x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading This option delays loading of the environment until later, so that only the default environment will be available to U-Boot. This can address the security risk of untrusted data being used during boot. When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a run-time way of enabling loadinlg of the environment. Add this to the fdt as /config/delay-environment. Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/ Signed-off-by: Simon Glass Signed-off-by: Stefan Reinauer --- diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c index 71449fe6fa..cca018fa9b 100644 --- a/arch/x86/lib/init_wrappers.c +++ b/arch/x86/lib/init_wrappers.c @@ -21,6 +21,7 @@ * MA 02111-1307 USA */ #include +#include #include #include #include @@ -36,10 +37,35 @@ int serial_initialize_r(void) return 0; } +/* + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT + return 0; +#else + return 1; +#endif +} + int env_relocate_r(void) { /* initialize environment */ - env_relocate(); + if (should_load_env()) + env_relocate(); + else + set_default_env(NULL); return 0; }