| author | Adrian Freihofer <[email protected]> | 2026-02-17 17:39:11 +0100 |
|---|---|---|
| committer | Fabio Estevam <[email protected]> | 2026-02-28 15:31:50 -0300 |
| commit | cc832b676456c11cd730dd75f0c122991268e64d (patch) | |
| tree | f0a8339eb561d0860fc94462cb0472e72ff75a94 | |
| parent | bf3c641e97578388d3b1e126bdd1b76311c7536b (diff) | |
siemens: capricorn: protect environment

With ENV_WRITEABLE_LIST only specific environment variables listed in
CFG_ENV_FLAGS_LIST_STATIC are read from the u-boot environment storage.
All other environment variables are set to default values and are not
written back to the storage.

The u-boot environment usually stays for the lifetime of the product.
There is no A/B copy mechanism as for the firmware itself. That means
that incompatible changes to environment variables in future u-boot
versions may lead to serious issues if the old environment is used with
a new u-boot version or vice versa.

Having this protection in place ensures that only a limited set of
environment variables are persisted across u-boot versions. All the
macros not listed in CFG_ENV_FLAGS_LIST_STATIC are now part of the
u-boot binary which is redundant and immutable. This guarantees that
the u-boot version and the default values of these environment variables
are always in sync and cannot be changed at runtime.

ustate and rastate are not relevant for u-boot itself. ustate is used
by swupdate which persists the transaction state in the environment.
rastate is a similar variable used by another user space application.

Signed-off-by: Adrian Freihofer <[email protected]>
Signed-off-by: Heiko Schocher <[email protected]>
Reviewed-by: Peng Fan <[email protected]>
| -rw-r--r-- | configs/imx8qxp_capricorn.config | 1 |
| -rw-r--r-- | include/configs/capricorn-common.h | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/configs/imx8qxp_capricorn.config b/configs/imx8qxp_capricorn.config index 626634cb09c..2bae5b1a862 100644 --- a/configs/imx8qxp_capricorn.config +++ b/configs/imx8qxp_capricorn.config @@ -12,6 +12,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000 CONFIG_ENV_SIZE=0x2000 CONFIG_ENV_REDUNDANT=y CONFIG_ENV_MMC_EMMC_HW_PARTITION=2 +CONFIG_ENV_WRITEABLE_LIST=y CONFIG_DM_GPIO=y CONFIG_AHAB_BOOT=y diff --git a/include/configs/capricorn-common.h b/include/configs/capricorn-common.h index 7120a44d186..ee13d2ab950 100644 --- a/include/configs/capricorn-common.h +++ b/include/configs/capricorn-common.h @@ -38,6 +38,19 @@ #define CFG_EXTRA_ENV_SETTINGS \ AHAB_ENV +#ifdef CONFIG_ENV_WRITEABLE_LIST +#define CFG_ENV_FLAGS_LIST_STATIC \ + "bootcount:dw," \ + "bootdelay:sw," \ + "bootlimit:dw," \ + "partitionset_active:sw," \ + "rastate:dw," \ + "sig_a:sw,sig_b:sw," \ + "target_env:sw," \ + "upgrade_available:dw," \ + "ustate:dw" +#endif + /* Default location for tftp and bootm */ /* On CCP board, USDHC1 is for eMMC */ |
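Review bot: CONFIG_ENV_WRITEABLE_LIST=y in configs/imx8qxp_capricorn.config also takes effect on units that already carry a saved environment, where every stored variable outside the list is set to its compiled-in default and is no longer written back. The commit message says this is intended, but nothing in the patch documents it for integrators. A line in the board documentation naming the persisted variables and stating that all other saved values are dropped would cover that.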
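Review bot: The new CFG_ENV_FLAGS_LIST_STATIC in include/configs/capricorn-common.h has no comment, so the meaning of the flag letters and the reason each variable is persisted can only be recovered from the commit message. A short comment above the define would help the next person editing the list: "d" and "s" are the decimal and string types, "w" marks a variable as writeable (read from and saved to storage), and ustate and rastate are kept for user space rather than for U-Boot. Please also check "bootdelay:sw": bootcount and bootlimit are typed decimal while bootdelay is typed string, and on a board built with CONFIG_AHAB_BOOT=y it is worth stating why the autoboot delay needs to come from storage at all. Since the list sits behind "#ifdef CONFIG_ENV_WRITEABLE_LIST", a build without the option silently gets no list; if the option is meant to be mandatory for this board, an "#else" branch with "#error" would make that explicit. Style: "sig_a:sw,sig_b:sw," puts two entries on one line where every other entry has its own.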
