Message ID | 20200707185139.2225-6-marex@denx.de |
---|---|
State | Superseded |
Series | [V2,1/7] env: Warn on force access if ENV_ACCESS_IGNORE_FORCE set |
On Tue, Jul 07, 2020 at 08:51:38PM +0200, Marek Vasut wrote:

> Add configuration option which prevents the environment hash table to be
> ever cleared and reloaded with different content. This is useful in case
> the first environment loaded into the hash table contains e.g. sensitive
> content which must not be dropped or reloaded.
>
> Signed-off-by: Marek Vasut <marex@denx.de>

Reviewed-by: Tom Rini <trini@konsulko.com>

--
Tom

On Tue, Jul 07, 2020 at 08:51:38PM +0200, Marek Vasut wrote:

> Add configuration option which prevents the environment hash table to be
> ever cleared and reloaded with different content. This is useful in case
> the first environment loaded into the hash table contains e.g. sensitive
> content which must not be dropped or reloaded.
>
> Signed-off-by: Marek Vasut <marex@denx.de>
> Reviewed-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

--
Tom

diff --git a/env/Kconfig b/env/Kconfig index 38e7fadbb9..9f7eff4f69 100644 --- a/env/Kconfig +++ b/env/Kconfig @@ -604,6 +604,15 @@ config DELAY_ENVIRONMENT later by U-Boot code. With CONFIG_OF_CONTROL this is instead controlled by the value of /config/load-environment. +config ENV_APPEND + bool "Always append the environment with new data" + default n + help + If defined, the environment hash table is only ever appended with new + data, but the existing hash table can never be dropped and reloaded + with newly imported data. This may be used in combination with static + flags to e.g. to protect variables which must not be modified. + config ENV_ACCESS_IGNORE_FORCE bool "Block forced environment operations" default n diff --git a/env/env.c b/env/env.c index 024d36fdbe..967a9d36d7 100644 --- a/env/env.c +++ b/env/env.c @@ -204,7 +204,9 @@ int env_load(void) ret = drv->load(); if (!ret) { printf("OK\n"); +#if !CONFIG_IS_ENABLED(ENV_APPEND) return 0; +#endif } else if (ret == -ENOMSG) { /* Handle "bad CRC" case */ if (best_prio == -1) diff --git a/lib/hashtable.c b/lib/hashtable.c index 7b6781bc35..ef834badc5 100644 --- a/lib/hashtable.c +++ b/lib/hashtable.c @@ -826,6 +826,10 @@ int himport_r(struct hsearch_data *htab, if (nvars) memcpy(localvars, vars, sizeof(vars[0]) * nvars); +#if CONFIG_IS_ENABLED(ENV_APPEND) + flag |= H_NOCLEAR; +#endif + if ((flag & H_NOCLEAR) == 0 && !nvars) { /* Destroy old hash table if one exists */ debug("Destroy Hash Table: %p table = %p\n", htab,
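Review bot: The ENV_APPEND help text in the env/Kconfig hunk does not say what happens when imported data names a variable that is already in the table. "only ever appended with new data" reads as if existing values were safe, while the last sentence implies that static flags are still needed to protect them; state that explicitly, since the commit message motivates the option with sensitive content. The help also does not mention that the option changes env_load(), where the env/env.c hunk compiles out the early "return 0;". The last sentence has a doubled word, "flags to e.g. to protect"; drop the first "to".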
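Review bot: In env_load() in the env/env.c hunk, compiling out "return 0;" leaves the success branch without a return, so after printing "OK" control leaves the if/else chain and continues into code this hunk does not show. Please confirm, and note in a comment, what env_load() returns when a load succeeded with ENV_APPEND enabled, and that the path taken afterwards is not treated like the failure cases handled in the "else if (ret == -ENOMSG)" branch. As a style point, "if (!CONFIG_IS_ENABLED(ENV_APPEND)) return 0;" would avoid the preprocessor block inside the branch and keep both configurations compiled.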
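Review bot: In himport_r() in the lib/hashtable.c hunk, "flag |= H_NOCLEAR;" is applied to whatever htab the caller passes, so with ENV_APPEND enabled every import through this function silently ignores a caller's request to clear the table, although the Kconfig help speaks only of the environment hash table. Either set the flag at the environment call sites or add a comment here saying the override is deliberate for all callers. In that configuration the following "(flag & H_NOCLEAR) == 0 && !nvars" branch can never be taken; writing the override as "if (CONFIG_IS_ENABLED(ENV_APPEND)) flag |= H_NOCLEAR;" would keep it readable without the #if block.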
Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.

Signed-off-by: Marek Vasut <marex at denx.de>

---

V2: No change

---

 env/Kconfig | 9 +++++++++
 env/env.c | 2 ++
 lib/hashtable.c | 4 ++++
 3 files changed, 15 insertions(+)