On Wed, Nov 21, 2018 at 12:45 PM Wolfgang Denk <w...@denx.de> wrote:
>
> Dear Stefano,
>
> In message <9efc8990-118c-d5b9-802d-8190db232...@denx.de> you wrote:
> >
> > True, but this has side effects and limitations. You cannot change a
> > variable in the default environment if you need it because you do not
> > know it. If some changes are needed, even if for very small things like
> > activating a gpio before booting, you need to update the bootloader.
>
> Just my words. (Mis)using the default environment for such
> purposes is broken by design.
>
> Let's get rid of this!
>
> > Moving to a shared library should be done in the U-Boot project, then. Some
> > changes are then required, at least how the environment is locked (it is
> > not clean as it is done now - locking should be done by the library and
> > not by the caller).
>
> Speaking of security... shared libraries open a number of new
> attack vectors, too...
>
> > > In a secure boot environment, you cannot allow to load the environment
> > > from an untrusted source. We need a default environment in this case.
> >
> > Or you make that changes are trusted.
>
> Right, when we sign (and check the signatures of) all other images,
> then why not do the very same for some environment image?

You normally cannot sign the environment on the target when saving it when using private/public keys.

We are using a signed U-Boot image that, apart from the default environment, only needs to load MAC addresses. I cannot do this via a loaded environment (signed or unsigned) as the MAC addresses are stored in production and I cannot rely on production always having an up-to-date environment to embed their MAC addresses when programming. To use environment loading here, I would have to implement a whitelist that only loads the MAC addresses from the saved environment. That sounds a bit hacked, too.

So when it comes to secure boot, I do think there's a use case for not loading an environment. I don't currently mind how this environment is initialized. And maybe I don't yet get what you are talking about when trying to get rid of the default environment. I do need U-Boot to run with a predefined environment without loading it.

Regards,
Simon

>
> That would even be _better_ as currently there is no, absolutely no
> check if the builtin default environment is in any way consistent.

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot