Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • early-display
  • variant-emmc-nvme-boot
  • 2023-01-25
  • v3
  • variant-emmc-nvme-boot
  • 2020-06-01
7 results

board.c

Blame
  • Forked from Reform / reform-boundary-uboot
    Source project has a limited visibility.
    • Simon Glass's avatar
      06fd8538
      arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading · 06fd8538
      Simon Glass authored
      This option delays loading of the environment until later, so that only the
      default environment will be available to U-Boot.
      
      This can address the security risk of untrusted data being used during boot.
      
      Any time you load untrusted data you expose yourself to a bug in the
      code. The attacker gets to choose the data so can sometimes carefully
      craft it to exploit a bug. We try to avoid touching user-controlled
      data during a verified boot unless strictly necessary. Since the
      default environment is good enough in this case (or you would just
      change it), this gets around the problem by just not loading the
      environment.
      
      When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
      run-time way of enabling loading of the environment. Add this to the
      fdt as /config/delay-environment.
      
      Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/
      
      
      
      Signed-off-by: default avatarDoug Anderson <dianders@chromium.org>
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarDoug Anderson <dianders@chromium.org>
      06fd8538
      History
      arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading
      Simon Glass authored
      This option delays loading of the environment until later, so that only the
      default environment will be available to U-Boot.
      
      This can address the security risk of untrusted data being used during boot.
      
      Any time you load untrusted data you expose yourself to a bug in the
      code. The attacker gets to choose the data so can sometimes carefully
      craft it to exploit a bug. We try to avoid touching user-controlled
      data during a verified boot unless strictly necessary. Since the
      default environment is good enough in this case (or you would just
      change it), this gets around the problem by just not loading the
      environment.
      
      When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
      run-time way of enabling loading of the environment. Add this to the
      fdt as /config/delay-environment.
      
      Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/
      
      
      
      Signed-off-by: default avatarDoug Anderson <dianders@chromium.org>
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarDoug Anderson <dianders@chromium.org>