[U-Boot] [PATCH] omap5: Allow use of a plain text env file

[Tom Rini <trini@ti.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/22/2013 08:23 PM, Wolfgang Denk wrote:
> Dear Nishanth Menon,
> 
> In message <1363992223-1628-1-git-send-email-nm@ti.com> you wrote:
>> For production systems it is better to use script images since 
>> they are protected by checksums and carry valuable information 
>> like name and timestamp. Also, you can't validate the content 
>> passed to env import.
>> 
>> But for development, it is easier to use the env import command
>> and plain text files instead of script-images.
> 
> Be careful here.  There are some subtle, but important
> differences.
> 
> With a script image, you are basically running standard commands, 
> which includes certain tests and limitations.  With "env import",
> you are just importing a set of environment settings, without
> further tests for permissions, etc.
> 
> For example, think if data like your MAC address or board serial 
> number are important to you, or if you are willing to have any
> user overwrite these with arbitrary data.

Right.  What I really want to see happen, and hope to find some time
to play with, is moving this almost identical in 3+ boards BOOTCOMMAND
into something that can be included and is commented enough to make
such risks clear.  For all of these development platforms that ship
with example filesystems with no-password remote ssh root login, it's
just another secure-me spot, but indeed, there is a risk of leakage
into production systems if such things aren't clear.  This came from
the beagle boards where it's really useful for a developer-focused
board (edit a plain text file, and have things just update and work? yay).

- -- 
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRTQA0AAoJENk4IS6UOR1WkgYP+wejXFLki/bR78vlDa2ThqhS
mdz9sdBIhuL/Hh7BqM+nmF1C9CMSNffF83dIvtqtu0VdnYd9k+68UOQSc6Xnru4Z
KQHa5TR5qqPOsb8IVkR+q7ZcK6YNAYwAPHpTIdeSbtD7Wlh0lrZc4soPgxu8nG8t
Hcm5ASFr3222yIQUARgaih/V2erOSfPLBxcnV4yc/VhNZ7czRwOka97cV2dZrQeI
Oelp3s1BE9/7eKOLR+CDl7M2jKylJrQTuj9LOWjwGLvaxX03IIABclPimXCvbK6D
nKtS1edaUQ+ife+rNOp3U4b5XZ4FB3L2zLpUQS2YujXHVyKg2cqvtw2FLiYTUAgd
0xagQt9SncXyQ7j6YxHJNrkIGS649XZN+jS1k4qSk32IPUY+r7bYSMjC3tYzoO9J
x8tgv53paU4R8H4oJIO52aCrXLA+lPXzFsurIFY8qf0Eg3gkTBZf2obu9o/Lm+II
d+O9cqrmwPhhhJifrdxON1NFiJEQbR/ltwCAQq2JqPy21FSwP1eOtN532ITcQfIo
cm1SXg4wA6YpbY2DNBr2RaLqEf0n4feO1XOuiivkcsPDSHV38PxTbvqxVanRWnFg
TJHfFkVl/L7E6wJxZGUlVGEMsyZ3crZV9+0qCjcH+UvXPPzQ7oKtGekHF0fGilwP
d/CM3nRLIfEDiZptNWCj
=3C1D
-----END PGP SIGNATURE-----