From patchwork Thu Jan 4 10:39:15 2018
X-Patchwork-Submitter: Quentin Schulz
X-Patchwork-Id: 123405
From: Quentin Schulz
To: sjg@chromium.org
Date: Thu, 4 Jan 2018 11:39:15 +0100
Message-Id: <20180104103915.23165-1-quentin.schulz@free-electrons.com>
Cc: thomas.petazzoni@free-electrons.com, u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] cmd: nvedit: add whitelist option for env import

While the `env export` can take as parameters variables to be exported, `env import` does not have such a mechanism of variable selection.

Let's add a `-w` option that asks `env import` to look for the `whitelisted_vars` env variable for a space-separated list of variables that are whitelisted.

Every env variable present in env at `addr` and in `whitelisted_vars` env variable will override the value of the variable in the current env. All the remaining variables are left untouched.

One of its use cases could be to load a secure environment from the signed U-Boot binary and load only a handful of variables from another, unsecure, environment without completely losing control of U-Boot.

Signed-off-by: Quentin Schulz
--- cmd/nvedit.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 64 insertions(+), 7 deletions(-) diff --git a/cmd/nvedit.c b/cmd/nvedit.c index 4e79d03856..9f983b41a1 100644 --- a/cmd/nvedit.c +++ b/cmd/nvedit.c @@ -971,7 +971,7 @@ sep_err: #ifdef CONFIG_CMD_IMPORTENV /* - * env import [-d] [-t [-r] | -b | -c] addr [size] + * env import [-d] [-t [-r] | -b | -c] [-w] addr [size] * -d: delete existing environment before importing; * otherwise overwrite / append to existing definitions * -t: assume text format; either "size" must be given or the 
@@ -982,6 +982,10 @@ sep_err: * for line endings. Only effective in addition to -t. * -b: assume binary format ('\0' separated, "\0\0" terminated) * -c: assume checksum protected environment format + * -w: specify that whitelisting of variables should be used when + * importing environment. The space-separated list of variables + * that should override the ones in current environment is stored + * in `whitelisted_vars`. * addr: memory address to read from * size: length of input data; if missing, proper '\0' * termination is mandatory @@ -991,11 +995,16 @@ static int do_env_import(cmd_tbl_t *cmdtp, int flag, { ulong addr; char *cmd, *ptr; + char **array = NULL; char sep = '\n'; int chk = 0; int fmt = 0; int del = 0; int crlf_is_lf = 0; + int wl = 0; + int wl_count = 0; + int ret; + unsigned int i; size_t size; cmd = *argv; @@ -1026,6 +1035,9 @@ static int do_env_import(cmd_tbl_t *cmdtp, int flag, case 'd': del = 1; break; + case 'w': + wl = 1; + break; default: return CMD_RET_USAGE; } 
@@ -1082,14 +1094,59 @@ static int do_env_import(cmd_tbl_t *cmdtp, int flag, ptr = (char *)ep->data; } - if (himport_r(&env_htab, ptr, size, sep, del ? 0 : H_NOCLEAR, - crlf_is_lf, 0, NULL) == 0) { + if(wl) { + char *str, *token, *tmp; + wl_count = 1; + + str = env_get("whitelisted_vars"); + if (!str) { + puts("## Error: whitelisted_vars is not set.\n"); + return CMD_RET_USAGE; + } + + tmp = malloc(sizeof(char) * (strlen(str) + 1)); + strcpy(tmp, str); + + token = strchr(tmp, ' '); + while (!token) { + wl_count++; + token = strchr(token + 1, ' '); + } + + strcpy(tmp, str); + + array = malloc(sizeof(char *) * wl_count); + wl_count = 0; + + token = strtok(tmp, " "); + while (token) { + array[wl_count] = malloc(sizeof(char) * + (strlen(token) + 1)); + strcpy(array[wl_count], token); + wl_count++; + token = strtok(NULL, " "); + } + + free(tmp); + } + + ret = himport_r(&env_htab, ptr, size, sep, del ? 0 : H_NOCLEAR, + crlf_is_lf, wl ? wl_count : 0, wl ? array : NULL); + if (!ret) { pr_err("Environment import failed: errno = %d\n", errno); - return 1; + ret = 1; + } else { + gd->flags |= GD_FLG_ENV_READY; + ret = 0; } - gd->flags |= GD_FLG_ENV_READY; - return 0; + if (wl) { + for (i = 0; i < wl_count; i++) + free(array[i]); + free(array); + } + + return ret; sep_err: printf("## %s: only one of \"-b\", \"-c\" or \"-t\" allowed\n", @@ -1212,7 +1269,7 @@ static char env_help_text[] = #endif #endif #if defined(CONFIG_CMD_IMPORTENV) - "env import [-d] [-t [-r] | -b | -c] addr [size] - import environment\n" + "env import [-d] [-t [-r] | -b | -c] [-w] addr [size] - import environment\n" #endif "env print [-a | name ...] - print environment\n" #if defined(CONFIG_CMD_RUN)
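
Review bot: In the @@ -982,6 +982,10 @@ hunk the new `-w` description does not say what happens when `whitelisted_vars` is unset, nor how `-w` combines with `-d`. The code returns CMD_RET_USAGE when the variable is missing, and `-d` still passes 0 instead of H_NOCLEAR to himport_r() when `-w` is given, so both cases should be documented in this comment. Because the list is read from the current environment with env_get("whitelisted_vars"), the comment should also state that the list must not name `whitelisted_vars` itself when the imported data is untrusted, otherwise the imported environment can override the list used by later imports.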
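
Review bot: In the @@ -1082,14 +1094,59 @@ hunk the loop that counts whitelist entries, `while (!token)`, has its condition inverted. With a single name in `whitelisted_vars`, `strchr(tmp, ' ')` returns NULL, the loop is entered and `strchr(token + 1, ' ')` is evaluated on a NULL pointer. With two or more names the loop is skipped, `wl_count` stays at 1, `array` is allocated for one pointer, and the `strtok` loop then stores one pointer per name past the end of that allocation. Suggest `while (token)` so the count is the number of spaces plus one, which is still an upper bound when names are separated by repeated spaces. None of the three `malloc` results (`tmp`, `array`, `array[wl_count]`) is checked before use; each needs a NULL check that frees what was already allocated, and `strdup(token)` would replace the malloc/strcpy pair. Smaller points: the second `strcpy(tmp, str)` is redundant because `strchr` does not modify `tmp`, `if(wl)` needs a space after `if`, and `i` is `unsigned int` while `wl_count` is `int` in `i < wl_count`.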