siemens: capricorn: protect environment

With ENV_WRITEABLE_LIST only specific environment variables lisetd in
CFG_ENV_FLAGS_LIST_STATIC are read from the u-boot environment storage.
All other environment variables are set to default values and are not
written back to the storage.

The u-boot environment usually stays for the lifetime of the product.
There is no A/B copy mechanism as for the firmware itself. That means
that incompatible changes to environment variables in future u-boot
versions may lead to serious issues if the old environment is used with
a new u-boot version or vice versa.

Having this protection in place ensures that only a limited set of
environment variables are persisted across u-boot versions. All the
macros not listed in CFG_ENV_FLAGS_LIST_STATIC are now part of the
u-boot binary which is redundant and immutable. This guarantees that
the u-boot version and the default values of these environment variables
are always in sync and cannot be changed at runtime.

ustate and rastate are not relevant for u-boot itself. ustate is used
by swupdate which persists the transaction state in the environment.
rastate is a similar variable used by another user space application.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Heiko Schocher <hs@nabladev.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Heiko Schocher <hs@nabladev.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

diff --git a/configs/imx8qxp_capricorn.config b/configs/imx8qxp_capricorn.config
index 626634cb09c91b8487ebb0a044d84b6d40728f4d..2bae5b1a862563a77a68aa1ce6f1483b941c7c37 100644 (file)
--- a/configs/imx8qxp_capricorn.config
+++ b/configs/imx8qxp_capricorn.config
@@ -12,6 +12,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000
 CONFIG_ENV_SIZE=0x2000
 CONFIG_ENV_REDUNDANT=y
 CONFIG_ENV_MMC_EMMC_HW_PARTITION=2
+CONFIG_ENV_WRITEABLE_LIST=y
 
 CONFIG_DM_GPIO=y
 CONFIG_AHAB_BOOT=y

diff --git a/include/configs/capricorn-common.h b/include/configs/capricorn-common.h
index 7120a44d1865a11e4a186b407897981a05c317d0..ee13d2ab950a5787ca73f89e5348109439aaf6b1 100644 (file)
--- a/include/configs/capricorn-common.h
+++ b/include/configs/capricorn-common.h
@@ -38,6 +38,19 @@
 #define CFG_EXTRA_ENV_SETTINGS \
        AHAB_ENV
 
+#ifdef CONFIG_ENV_WRITEABLE_LIST
+#define CFG_ENV_FLAGS_LIST_STATIC \
+       "bootcount:dw," \
+       "bootdelay:sw," \
+       "bootlimit:dw," \
+       "partitionset_active:sw," \
+       "rastate:dw," \
+       "sig_a:sw,sig_b:sw," \
+       "target_env:sw," \
+       "upgrade_available:dw," \
+       "ustate:dw"
+#endif
+
 /* Default location for tftp and bootm */
 
 /* On CCP board, USDHC1 is for eMMC */