diff options
author | Stefan Reinauer <reinauer@chromium.org> | 2011-12-15 10:00:43 -0800 |
---|---|---|
committer | Stefan Reinauer <reinauer@chromium.org> | 2011-12-15 10:48:59 -0800 |
commit | 2151d14555ad0e7c2c850195de6fbe89f95001fb (patch) | |
tree | b76130b7088cb369e3cd037c09a85a424cd83535 /arch/x86 | |
parent | 545be104f4427e1485f3651128e02611398ffb2e (diff) |
x86: Conditionally load environment based on device tree
u-boot would load the environment from flash unconditionally
on x86. This is a security issue when booting ChromeOS in normal mode.
Add a function that looks at the device tree variable load_env to
determine whether to load it.
Signed-off-by: Stefan Reinauer <reinauer@google.com>
BUG=none
TEST=boot tested on Stumpy
Change-Id: I7e4655e151b7421ec8ff9d0ce40b6de17bfede5d
Reviewed-on: https://gerrit.chromium.org/gerrit/12987
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'arch/x86')
-rw-r--r-- | arch/x86/lib/board.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/arch/x86/lib/board.c b/arch/x86/lib/board.c index fece567e313..48d5257ae74 100644 --- a/arch/x86/lib/board.c +++ b/arch/x86/lib/board.c @@ -45,6 +45,7 @@ #include <asm/u-boot-x86.h> #include <spi.h> #include <elf.h> +#include <fdt_decode.h> #ifdef CONFIG_BITBANGMII #include <miiphy.h> @@ -288,6 +289,24 @@ void board_init_f(ulong boot_flags) while(1); } +/* + * Tell if it's OK to load the environment early in boot. + * + * If CONFIG_OF_LOAD_ENVIRONMENT is defined, we'll check with the FDT to see + * if this is OK (defaulting to saying it's not OK). + * + * NOTE: Loading the environment early can be a bad idea if security is + * important, since no verification is done on the environment. + */ +static int should_load_env(void) +{ +#ifdef CONFIG_OF_LOAD_ENVIRONMENT + return fdt_decode_get_config_int(gd->blob, "load_env", 0); +#else + return 1; +#endif +} + void board_init_r(gd_t *id, ulong dest_addr) { char *s; @@ -330,7 +349,10 @@ void board_init_r(gd_t *id, ulong dest_addr) spi_init(); #endif /* initialize environment */ - env_relocate (); + if (should_load_env()) + env_relocate(); + else + env_set_default(); #ifdef CONFIG_CMD_NET /* IP Address */ |