Hi Lucas, On Fri, Jan 18, 2013 at 4:06 AM, Lucas Stach <d...@lynxeye.de> wrote: > Am Donnerstag, den 01.11.2012, 16:42 -0700 schrieb Simon Glass: >> This option delays loading of the environment until later, so that only the >> default environment will be available to U-Boot. >> >> This can address the security risk of untrusted data being used during boot. >> >> When CONFIG_DELAY_ENVIRONMENT is defined, it is convenient to have a >> run-time way of enabling loadinlg of the environment. Add this to the >> fdt as /config/delay-environment. >> > It's really unfortunate to only realize this after the final release of > v2013.01 as I haven't tested the -rc3, but this breaks environment for > almost all Tegra boards. I haven't checked all of them, but the ones I > looked at have CONFIG_OF_CONTROL defined, but no load-environment node > in the FDT. > > So they're all going straight into "secure boot" mode, because of the > bogus standard value of not allowing env to load, which is probably not > what most people want.
Hmmm yes I think you are right - the value would be better the other way around. I will create a patch for this and see what people think. I have tended to create my own FDT file but I'm sure many will not. Regards, Simon > > Regards, > Lucas >> --- > [...] >> /* >> - ************************************************************************ >> + * Tell if it's OK to load the environment early in boot. >> + * >> + * If CONFIG_OF_CONFIG is defined, we'll check with the FDT to see >> + * if this is OK (defaulting to saying it's not OK). >> + * >> + * NOTE: Loading the environment early can be a bad idea if security is >> + * important, since no verification is done on the environment. >> + * >> + * @return 0 if environment should not be loaded, !=0 if it is ok to load >> + */ >> +static int should_load_env(void) >> +{ >> +#ifdef CONFIG_OF_CONTROL >> + return fdtdec_get_config_int(gd->fdt_blob, "load-environment", 0); >> +#elif defined CONFIG_DELAY_ENVIRONMENT >> + return 0; >> +#else >> + return 1; >> +#endif >> +} >> + > [...] > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot