Commit 06fd8538 authored 12 years ago by Simon Glass Committed by Albert ARIBAUD 12 years ago

arm: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading

This option delays loading of the environment until later, so that only the
default environment will be available to U-Boot.

This can address the security risk of untrusted data being used during boot.

Any time you load untrusted data you expose yourself to a bug in the
code. The attacker gets to choose the data so can sometimes carefully
craft it to exploit a bug. We try to avoid touching user-controlled
data during a verified boot unless strictly necessary. Since the
default environment is good enough in this case (or you would just
change it), this gets around the problem by just not loading the
environment.

When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
run-time way of enabling loading of the environment. Add this to the
fdt as /config/delay-environment.

Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/



Signed-off-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>

parent eae78c34

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 36 additions and 2 deletions

Please register or to comment