diff options
| author | Stefan Reinauer <reinauer@chromium.org> | 2012-11-03 11:41:29 +0000 | 
|---|---|---|
| committer | Simon Glass <sjg@chromium.org> | 2012-12-06 14:30:42 -0800 | 
| commit | 05b71646a93839ad6fb1073f5e25ead928c1717d (patch) | |
| tree | 7835c687820f0fecde7deea8ecbada485f66fb58 /arch | |
| parent | 91d82a29e7aec12c97dcd4a4be1962f6d794b35c (diff) | |
x86: Add CONFIG_DELAY_ENVIRONMENT to delay environment loading
This option delays loading of the environment until later, so that only the
default environment will be available to U-Boot.
This can address the security risk of untrusted data being used during boot.
When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a
run-time way of enabling loadinlg of the environment. Add this to the
fdt as /config/delay-environment.
Note: This patch depends on http://patchwork.ozlabs.org/patch/194342/
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/lib/init_wrappers.c | 28 | 
1 files changed, 27 insertions, 1 deletions
| diff --git a/arch/x86/lib/init_wrappers.c b/arch/x86/lib/init_wrappers.c index 71449fe6fa4..cca018fa9b0 100644 --- a/arch/x86/lib/init_wrappers.c +++ b/arch/x86/lib/init_wrappers.c @@ -21,6 +21,7 @@   * MA 02111-1307 USA   */  #include <common.h> +#include <environment.h>  #include <serial.h>  #include <kgdb.h>  #include <scsi.h> @@ -36,10 +37,35 @@ int serial_initialize_r(void)  	return 0;  } +/* + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + *       important, since no verification is done on the environment. + * + * @return 0 if environment should not be loaded, !=0 if it is ok to load + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_CONTROL +	return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); +#elif defined CONFIG_DELAY_ENVIRONMENT +	return 0; +#else +	return 1; +#endif +} +  int env_relocate_r(void)  {  	/* initialize environment */ -	env_relocate(); +	if (should_load_env()) +		env_relocate(); +	else +		set_default_env(NULL);  	return 0;  } | 
