From: "Thomaiyar, Richard Marian" <richard.marian.thomaiyar@linux.intel.com>
To: openbmc@lists.ozlabs.org
Subject: Re: U-Boot environment management from userspace
Date: Wed, 29 May 2019 20:56:47 +0530 [thread overview]
Message-ID: <86e6c763-861a-241b-e083-ce274a6eca73@linux.intel.com> (raw)
In-Reply-To: <20190528183802.GH15959@mauery.jf.intel.com>
Vernon,
I just started a daemon for the same as i needed it for RestrictionMode
(provisioning) . At this point of time, the daemon uses the fw_setenv &
printenv internally, but atleast application will access the same in D-Bus
Regards,
Richard
On 5/29/2019 12:10 AM, Vernon Mauery wrote:
> Reading U-Boot environment variables from userspace is not difficult,
> but to do it in a standard way, (fw_printenv), it requires a fork and
> exec. We don't have any permissions problems because reading from the
> MTD partition is not restricted. It might be nice, however to have
> these variables exported on D-Bus so that a fork/exec is not
> necessary, just a property fetch.
>
> But writing is a different story. That requires root privileges. To
> architect with a separation of privileges mechanism, this should
> probably be running as a daemon or service that could be spawned via
> D-Bus or something so that ipmid doesn't need root permission to set a
> U-Boot variable.
>
> I see a couple of options:
> 1) Shoehorn U-Boot variables into the settings daemon so they just
> show up as settings. I am not sure on the details of how this would be
> done, but it might work.
>
> 2) Create yet another daemon that would provide a R/W interface
> (probably just using the D-Bus properties interface) that would act as
> a manager of U-Boot environment variables. It might even be able to
> place an inotify watch to get notified when an external process
> (fw_setenv) modifies the environment (like from a script or something)
> so the D-Bus properties could send out a PropertiesChanged notification.
>
> 3) Use a one-shot service that parses the 'instance' to extract a
> variable name and variable value. Then the variable could be activated
> by launching ubootenv@foo=bar.service. This would require some fancy
> parameter encoding to make it all work correctly to avoid string
> injections.
> Am I the only one that has a need for this or is there a wider
> audience that would benefit?
>
> Does anyone else already have a solution for this or an opinion on
> what path might be the best?
>
> --Vernon
next prev parent reply other threads:[~2019-05-29 15:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-28 18:40 U-Boot environment management from userspace Vernon Mauery
2019-05-29 15:26 ` Thomaiyar, Richard Marian [this message]
2019-05-29 15:30 ` Adriana Kobylak
2019-05-30 17:20 ` Vernon Mauery
2019-06-05 12:35 ` Brad Bishop
2019-06-05 15:27 ` krtaylor
2019-06-12 21:00 ` Brad Bishop
2019-05-30 17:25 ` Ed Tanous
2019-05-31 0:35 ` Joel Stanley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86e6c763-861a-241b-e083-ce274a6eca73@linux.intel.com \
--to=richard.marian.thomaiyar@linux.intel.com \
--cc=openbmc@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.