From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Fri, 22 Mar 2013 21:07:01 -0400 Subject: [U-Boot] [PATCH] omap5: Allow use of a plain text env file In-Reply-To: <20130323002351.B9D44200048@gemini.denx.de> References: <1363992223-1628-1-git-send-email-nm@ti.com> <20130323002351.B9D44200048@gemini.denx.de> Message-ID: <514D0035.2080108@ti.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/22/2013 08:23 PM, Wolfgang Denk wrote: > Dear Nishanth Menon, > > In message <1363992223-1628-1-git-send-email-nm@ti.com> you wrote: >> For production systems it is better to use script images since >> they are protected by checksums and carry valuable information >> like name and timestamp. Also, you can't validate the content >> passed to env import. >> >> But for development, it is easier to use the env import command >> and plain text files instead of script-images. > > Be careful here. There are some subtle, but important > differences. > > With a script image, you are basically running standard commands, > which includes certain tests and limitations. With "env import", > you are just importing a set of environment settings, without > further tests for permissions, etc. > > For example, think if data like your MAC address or board serial > number are important to you, or if you are willing to have any > user overwrite these with arbitrary data. Right. What I really want to see happen, and hope to find some time to play with, is moving this almost identical in 3+ boards BOOTCOMMAND into something that can be included and is commented enough to make such risks clear. For all of these development platforms that ship with example filesystems with no-password remote ssh root login, it's just another secure-me spot, but indeed, there is a risk of leakage into production systems if such things aren't clear. This came from the beagle boards where it's really useful for a developer-focused board (edit a plain text file, and have things just update and work? yay). - -- Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRTQA0AAoJENk4IS6UOR1WkgYP+wejXFLki/bR78vlDa2ThqhS mdz9sdBIhuL/Hh7BqM+nmF1C9CMSNffF83dIvtqtu0VdnYd9k+68UOQSc6Xnru4Z KQHa5TR5qqPOsb8IVkR+q7ZcK6YNAYwAPHpTIdeSbtD7Wlh0lrZc4soPgxu8nG8t Hcm5ASFr3222yIQUARgaih/V2erOSfPLBxcnV4yc/VhNZ7czRwOka97cV2dZrQeI Oelp3s1BE9/7eKOLR+CDl7M2jKylJrQTuj9LOWjwGLvaxX03IIABclPimXCvbK6D nKtS1edaUQ+ife+rNOp3U4b5XZ4FB3L2zLpUQS2YujXHVyKg2cqvtw2FLiYTUAgd 0xagQt9SncXyQ7j6YxHJNrkIGS649XZN+jS1k4qSk32IPUY+r7bYSMjC3tYzoO9J x8tgv53paU4R8H4oJIO52aCrXLA+lPXzFsurIFY8qf0Eg3gkTBZf2obu9o/Lm+II d+O9cqrmwPhhhJifrdxON1NFiJEQbR/ltwCAQq2JqPy21FSwP1eOtN532ITcQfIo cm1SXg4wA6YpbY2DNBr2RaLqEf0n4feO1XOuiivkcsPDSHV38PxTbvqxVanRWnFg TJHfFkVl/L7E6wJxZGUlVGEMsyZ3crZV9+0qCjcH+UvXPPzQ7oKtGekHF0fGilwP d/CM3nRLIfEDiZptNWCj =3C1D -----END PGP SIGNATURE-----