From: Heiko Schocher <hs@nabladev.com>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Fabio Estevam <festevam@gmail.com>,
	Adrian Freihofer <adrian.freihofer@siemens.com>,
	Heiko Schocher <hs@nabladev.com>,
	Alexander Sverdlin <alexander.sverdlin@siemens.com>,
	Marek Vasut <marek.vasut+renesas@mailbox.org>,
	Simon Glass <sjg@chromium.org>, Tom Rini <trini@konsulko.com>,
	Walter Schweizer <walter.schweizer@siemens.com>
Subject: [PATCH v1 11/11] siemens: capricorn: protect environment
Date: Sat, 24 Jan 2026 06:54:52 +0100
Message-ID: <20260124055452.8799-12-hs@nabladev.com>
In-Reply-To: <20260124055452.8799-1-hs@nabladev.com>

From: Adrian Freihofer <adrian.freihofer@siemens.com>

With ENV_WRITEABLE_LIST only specific environment variables listed in
CFG_ENV_FLAGS_LIST_STATIC are read from the u-boot environment storage.
All other environment variables are set to default values and are not
written back to the storage.

The u-boot environment usually stays for the lifetime of the product.
There is no A/B copy mechanism as for the firmware itself. That means
that incompatible changes to environment variables in future u-boot
versions may lead to serious issues if the old environment is used with
a new u-boot version or vice versa.

Having this protection in place ensures that only a limited set of
environment variables are persisted across u-boot versions. All the
macros not listed in CFG_ENV_FLAGS_LIST_STATIC are now part of the
u-boot binary which is redundant and immutable. This guarantees that
the u-boot version and the default values of these environment variables
are always in sync and cannot be changed at runtime.

ustate and rastate are not relevant for u-boot itself. ustate is used
by swupdate which persists the transaction state in the environment.
rastate is a similar variable used by another user space application.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Heiko Schocher <hs@nabladev.com>
---

 configs/imx8qxp_capricorn.config   |  1 +
 include/configs/capricorn-common.h | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/configs/imx8qxp_capricorn.config b/configs/imx8qxp_capricorn.config
index 626634cb09c..2bae5b1a862 100644
--- a/configs/imx8qxp_capricorn.config
+++ b/configs/imx8qxp_capricorn.config
@@ -12,6 +12,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80200000
 CONFIG_ENV_SIZE=0x2000
 CONFIG_ENV_REDUNDANT=y
 CONFIG_ENV_MMC_EMMC_HW_PARTITION=2
+CONFIG_ENV_WRITEABLE_LIST=y
 
 CONFIG_DM_GPIO=y
 CONFIG_AHAB_BOOT=y
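Review bot: `CONFIG_ENV_WRITEABLE_LIST=y` goes into the shared config fragment without any note on migration for units already deployed. The context lines show a redundant environment (`CONFIG_ENV_REDUNDANT=y`) on eMMC hardware partition 2, so fielded devices carry a stored environment, and per the commit message every stored variable outside the list is replaced by its compiled-in default once this version boots. Please state in the commit message whether any variable set in the field and not on the list is relied on today, and whether the option is intended for every build that pulls in this fragment.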
diff --git a/include/configs/capricorn-common.h b/include/configs/capricorn-common.h
index 7120a44d186..bbacea09aed 100644
--- a/include/configs/capricorn-common.h
+++ b/include/configs/capricorn-common.h
@@ -38,6 +38,20 @@
 #define CFG_EXTRA_ENV_SETTINGS \
 	AHAB_ENV
 
+#ifdef CONFIG_ENV_WRITEABLE_LIST
+#define CFG_ENV_FLAGS_LIST_STATIC \
+	"bootcount:dw," \
+	"bootdelay:sw," \
+	"bootlimit:dw," \
+	"ip_method:sw," \
+	"partitionset_active:sw," \
+	"rastate:dw," \
+	"sig_a:sw,sig_b:sw," \
+	"target_env:sw," \
+	"upgrade_available:dw," \
+	"ustate:dw"
+#endif
+
 /* Default location for tftp and bootm */
 
 /* On CCP board, USDHC1 is for eMMC */
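Review bot: `"bootdelay:sw,"` is typed as a string while the other numeric entries (`bootcount`, `bootlimit`, `upgrade_available`) use `d`, so no numeric type check applies to a value that controls the autoboot window. Suggest `"bootdelay:dw,"`, or dropping it from the list if the delay does not need to change in the field, given that the board config sets `CONFIG_AHAB_BOOT=y` and the point of the patch is to keep boot behaviour tied to the binary. The same question applies to `sig_a`, `sig_b`, `target_env` and `partitionset_active`: they stay writable strings read from storage, so a short comment above `CFG_ENV_FLAGS_LIST_STATIC` explaining the flag letters, which component owns each variable (the commit message names swupdate for `ustate` and another user space application for `rastate`), and what consumes the string values would make the list reviewable when it is extended later.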
-- 
2.20.1

