x86: Conditionally load environment based on device tree

u-boot would load the environment from flash unconditionally
on x86. This is a security issue when booting ChromeOS in normal mode.
Add a function that looks at the device tree variable load_env to
determine whether to load it.

Signed-off-by: Stefan Reinauer <reinauer@google.com>
BUG=none
TEST=boot tested on Stumpy

Change-Id: I7e4655e151b7421ec8ff9d0ce40b6de17bfede5d
Reviewed-on: https://gerrit.chromium.org/gerrit/12987
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 23 insertions, 1 deletions

diff --git a/arch/x86/lib/board.c b/arch/x86/lib/board.c
index fece567e31..48d5257ae7 100644
--- a/arch/x86/lib/board.c
+++ b/arch/x86/lib/board.c
@@ -45,6 +45,7 @@
 #include <asm/u-boot-x86.h>
 #include <spi.h>
 #include <elf.h>
+#include <fdt_decode.h>
 
 #ifdef CONFIG_BITBANGMII
 #include <miiphy.h>
@@ -288,6 +289,24 @@ void board_init_f(ulong boot_flags)
 	while(1);
 }
 
+/*
+ * Tell if it's OK to load the environment early in boot.
+ *
+ * If CONFIG_OF_LOAD_ENVIRONMENT is defined, we'll check with the FDT to see
+ * if this is OK (defaulting to saying it's not OK).
+ *
+ * NOTE: Loading the environment early can be a bad idea if security is
+ *       important, since no verification is done on the environment.
+ */
+static int should_load_env(void)
+{
+#ifdef CONFIG_OF_LOAD_ENVIRONMENT
+	return fdt_decode_get_config_int(gd->blob, "load_env", 0);
+#else
+	return 1;
+#endif
+}
+
 void board_init_r(gd_t *id, ulong dest_addr)
 {
 	char *s;
@@ -330,7 +349,10 @@ void board_init_r(gd_t *id, ulong dest_addr)
 	spi_init();
 #endif
 	/* initialize environment */
-	env_relocate ();
+	if (should_load_env())
+		env_relocate();
+	else
+		env_set_default();
 
 #ifdef CONFIG_CMD_NET
 	/* IP Address */